
HiJackThis Log -- Browser Redirects & Symantec Constantly Detecting .tmp Trojans


  • This topic is locked
78 replies to this topic

#1 epods


Posted 19 October 2009 - 08:07 AM

I just started experiencing two issues:

(1) Symantec Auto-Protect is constantly (every 5-10 minutes) detecting Trojan Horses in the WINDOWS\TEMP directory and they are continuously being quarantined. File names are all four letters and end with the .tmp extension (Examples: uhtu.tmp, ydei.tmp, bnht.tmp, ycbd.tmp, ykoj.tmp, nkid.tmp, ktms.tmp, crns.tmp, svmp.tmp, etc.)

(2) Occasional random browser redirects in FireFox when typing in or clicking on addresses.

HiJackThis and MBAM results below; thanks for any help you may be able to provide!


HiJackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:34 AM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Richard W. Gilbert\Desktop\Stuff\Virus Info\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://owa.intermedia.net/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,38
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} (VeriTest LiveTest Bar Activate) - http://www.livetest.com/livetest/taskpages...ivetest_bar.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11515 bytes



A Malwarebytes' Anti-Malware quick scan is returning no results:

Malwarebytes' Anti-Malware 1.41
Database version: 2982
Windows 5.1.2600 Service Pack 3

10/19/2009 12:28:00 AM
mbam-log-2009-10-19 (00-28-00).txt

Scan type: Quick Scan
Objects scanned: 108056
Time elapsed: 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#2 thewall

  • Malware Response Team

Posted 20 October 2009 - 08:25 PM

Hello epods :( Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Please perform the following:



We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the downloaded GMER file on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.









Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop and post them here.



Thanks,



thewall

#3 epods


Posted 20 October 2009 - 10:01 PM

Thanks for your assistance!! I am posting all requested logs in order below:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-20 22:52:05
Windows 5.1.2600 Service Pack 3
Running: drzt87tu.exe; Driver: C:\DOCUME~1\RICHAR~1.GIL\LOCALS~1\Temp\ugldipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xB6ADFA00]
SSDT 86ECF098 ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB6ADF730]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB6ADF8A0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xB6AE0340]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB6ADFF90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB6AE0C60]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6E62DC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB6ADFB60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xB6ADDF80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB6ADF520]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB6AE0170]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB6AE0910]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB6AE0C10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB6AE0F90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB6AE1560]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB6ADCC40]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6E63020]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB6AE0BC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB6ADE2F0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xB6AE0760]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB6ADFA20]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xB6ADBD40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xB6ADBD50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xB6ADBD60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xB6ADBD80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xB6ADBDA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xB6ADBDD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xB6ADBDE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xB6ADBE00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xB6ADBE10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xB6ADBED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xB6ADBFA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xB6ADBFE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xB6ADC020]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFAE 5 Bytes JMP B6AE1E80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F4593 5 Bytes JMP B6AE1980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3576] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 00ED5A38
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00ED54C9
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00ED540E
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00ED53A9
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00ED5377
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00ED578E
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00ED5A38
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00ED5A38
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00ED5A38
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00ED578E
IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00ED54C9
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008F54C9
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008F540E
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008F53A9
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 008F5377
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 008F578E
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 008F5A38
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 008F5A38
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008F578E
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008F5A38
IAT C:\WINDOWS\ehome\ehSched.exe[856] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 008F54C9
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00B054C9
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B054C9
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B0540E
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B053A9
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B05377
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B05A38
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B0578E
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B05A38
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B0578E
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B05A38
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B054C9
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006D54C9
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006D540E
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006D53A9
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006D5377
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 006D540E
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 006D54C9
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 006D540E
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 006D53A9
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 006D578E
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 006D5A38
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 006D5A38
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 006D578E
IAT C:\WINDOWS\system32\lsass.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 006D5A38
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007E5377
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007D54C9
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007D540E
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007D53A9
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007D5377
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 007D578E
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 007D5A38
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 007D5A38
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 007D578E
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 007D5A38
IAT C:\WINDOWS\system32\svchost.exe[1276] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 007D54C9
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00EF54C9
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EF540E
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00EF53A9
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00EF5377
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00EF578E
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00EF5A38
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00EF5A38
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00EF578E
IAT C:\WINDOWS\System32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00EF5A38
IAT C:\WINDOWS\System32\svchost.exe[1432] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00EF54C9
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E554C9
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E5540E
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E553A9
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E55377
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E5578E
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E55A38
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E55A38
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E5578E
IAT C:\WINDOWS\system32\svchost.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E55A38
IAT C:\WINDOWS\system32\svchost.exe[1716] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E554C9
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C854C9
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C8540E
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C853A9
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C85377
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00C8578E
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00C85A38
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C854C9
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C85A38
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C8578E
IAT C:\WINDOWS\System32\alg.exe[2968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C85A38
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0B6054C9
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0B60540E
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0B6053A9
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0B605377
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0B60578E
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0B605A38
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0B605A38
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0B605A38
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0B60578E
IAT C:\WINDOWS\system32\SearchIndexer.exe[3576] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0B6054C9
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001354C9
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013540E
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001353A9
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135377
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A38
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013578E
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A38
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013578E
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A38
IAT C:\Documents and Settings\Richard W. Gilbert\Desktop\drzt87tu.exe[4628] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001354C9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001354C9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013540E
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001353A9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135377
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001354C9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A38
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013578E
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A38
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013578E
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[4652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A38

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\iaStor \Device\Ide\iaStor0 [F766A23E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F766A23E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???+????Aux 2??????+????NtmsSvc??g??Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web
---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\sdra64.exe 79360 bytes executable
File C:\WINDOWS\system32\lowsec 0 bytes
File C:\WINDOWS\system32\lowsec\local.ds 111084 bytes
File C:\WINDOWS\system32\lowsec\user.ds 0 bytes
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----





DDS (Ver_09-10-13.01) - NTFSx86
Run by Richard W. Gilbert at 22:52:36.84 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.541 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Richard W. Gilbert\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://owa.intermedia.net/Login.aspx
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: BayScribeObj Class: {5e028439-81c7-4b82-bc74-25156306f532} - c:\program files\bayscribe\bayscribe.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: LiveTest: {6a80972b-acc9-4bb9-a1e0-69f2eaea763d} - c:\windows\system32\livetest_bar.dll
uRun: [AccuWeatherDesktopAlerts] c:\program files\accuweatherdesktopalerts\AccuWeatherDesktopAlerts.exe
uRun: [SB Audigy 2 Startup Menu] /L:ENG
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} - hxxp://www.livetest.com/livetest/taskpages/install/livetest_bar.cab
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richar~1.gil\applic~1\mozilla\firefox\profiles\afvlpm6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/
FF - plugin: c:\documents and settings\richard w. gilbert\application data\mozilla\firefox\profiles\afvlpm6a.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\richard w. gilbert\application data\mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-8-12 3712]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-1 47640]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-12-21 169200]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2006-2-19 485760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
S0 yyrwm;yyrwm;c:\windows\system32\drivers\bummdxf.sys --> c:\windows\system32\drivers\bummdxf.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-10-19 19:22 <DIR> --d----- c:\program files\ESET

==================== Find3M ====================

2009-10-20 22:52 1,258,016 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-10-18 23:47 114,692 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-10-18 23:47 11,327,264 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-18 23:47 146,588 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-01 18:30 87,352 a------- c:\windows\system32\LMIinit.dll
2009-10-01 18:30 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 18:30 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-15 21:05 466,944 a------- c:\windows\system32\BSTIEPrintCtl1.dll
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 09:38 25,248 a------- c:\windows\system32\lmimirr.dll
2009-09-08 09:38 11,552 a------- c:\windows\system32\lmimirr2.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 11:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-05-30 11:17 120 a------- c:\program files\aahb.txt
2007-08-14 14:02 56,912 a------- c:\documents and settings\richard w. gilbert\g2mdlhlpx.exe

============= FINISH: 22:55:17.56 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2006 11:09:44 PM
System Uptime: 10/19/2009 4:29:31 PM (30 hours ago)

Motherboard: Dell Inc. | | 0K3464
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 168.519 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 802.11g Wireless LAN PCI
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00201371&REV_01\4&10416D21&0&00F0
Manufacturer: Ralink Technology, Inc.
Name: 802.11g Wireless LAN PCI
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00201371&REV_01\4&10416D21&0&00F0
Service: RT2500

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AccuWeather Desktop Alerts v2.33
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Adobe Reader Korean Fonts
Adobe Shockwave Player
Alt-Tab Task Switcher Powertoy for Windows XP
AOL Uninstaller (Choose which Products to Remove)
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
BitPim 1.0.6
BlueSoleil
Bonjour
Broadcom Gigabit Integrated Controller
Canon MP Navigator 2.2
Canon MP530
Canon S9000
Coupon Printer for Windows
Creative MediaSource
Data Lifeguard
Dell ResourceCD
DivX
DivX Content Uploader
DivX Web Player
eFax Messenger 4.1
Google Earth
Google Gmail Notifier
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Resizer Powertoy for Windows XP
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_05
Java™ 6 Update 15
Java™ 6 Update 2
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
KhalSetup
LG USB Modem driver
LimeWire 4.10.9
LiveUpdate 2.6 (Symantec Corporation)
Logitech SetPoint
LogMeIn
Macromedia Dreamweaver 4
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Managed DirectX (0901)
Maxtor OneTouch
Media Center Alarm Clock
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Tool Web Package:WntIpcfg.exe
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
MSN Money Investment Toolbox
OmniPage SE 2.0
Otto
PowerDVD 5.1
Qimage
QuickTime
Retrospect 6.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shipping Assistant 3.6
Shutterfly Plugin
Sonic DLA
Sonic PrimeTime
Sonic RecordNow!
Sound Blaster Audigy 2
Symantec AntiVirus 10.0.2.2001 (EOL Spring 2006)
Transcription Productivity Tools
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VeriTest LiveTest Bar
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Search 4.0
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

10/20/2009 10:02:56 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/20/2009 10:02:42 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2009 9:37:01 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/14/2009 12:40:11 AM, error: Print [6161] - The document Microsoft Word - Open House Sign-In Sheet- 10-18-09.doc owned by Richard W. Gilbert failed to print on printer Canon MP530 Series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 327680. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\XPS. Win32 error code returned by the print processor: 5 (0x5).

==== End Of File ===========================

Edited by thewall, 20 October 2009 - 10:17 PM.


#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:12 AM

Posted 20 October 2009 - 10:19 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 epods

epods
  • Topic Starter

  • Members
  • 46 posts
  • Local time:06:12 AM

Posted 20 October 2009 - 11:29 PM

Help!! I followed all instructions precisely; however, here is what happened:

1. I disabled Symantec Auto-Protect.
2. Ran ComboFix.exe
3. After a few minutes, ComboFix popped up and said it had detected a rootkit and that it needed to reboot the machine and to write down the name of the following file on a piece of paper as we may need it later: "C:\WINDOWS\system32\sdra64.exe"
4. The computer rebooted into Windows and immediately displayed a dialog error saying Windows cannot find the following file: "C:\ComboFix\CF8019.exe"

Now, my computer will not even open an executable file and the Windows "Open With" screen pops up asking you what program you want to open the .EXE in. I'm having to use another computer just to write this post. Please let me know how to proceed and I appreciate your help. Thanks.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:12 AM

Posted 20 October 2009 - 11:46 PM

Let me check before I give you any more instructions. I should have something in the morning my time.

#7 epods

  • Topic Starter
  • Members
  • 46 posts

Posted 20 October 2009 - 11:53 PM

Okay, thanks. Now when I rebooted, ComboFix started running again automatically so I'll see if anything different occurs this time or if the same error appears.

#8 epods

  • Topic Starter
  • Members
  • 46 posts

Posted 21 October 2009 - 12:25 AM

ComboFix appears to have successfully run the second time around and produced the following log:


ComboFix 09-10-20.03 - Richard W. Gilbert 10/21/2009 0:54.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.485 [GMT -4:00]
Running from: c:\documents and settings\Richard W. Gilbert\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\config\systemprofile\Desktop\Windows Police Pro.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 04:11 . 2009-10-21 04:13 58 ----a-w- c:\windows\wp4.dat
2009-10-21 04:11 . 2009-10-21 04:13 2 ----a-w- c:\windows\wp3.dat
2009-10-19 22:48 . 2009-10-19 22:48 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-19 22:48 . 2009-10-19 22:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\BayScribe
2009-10-19 22:48 . 2009-10-19 22:48 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-10-19 03:53 . 2009-10-19 03:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-18 20:53 . 2009-10-18 20:53 -------- d-----w- c:\documents and settings\Richard W. Gilbert\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 05:10 . 2009-05-30 15:29 1282848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-21 04:52 . 2006-02-19 06:17 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-21 04:48 . 2009-05-30 15:29 154748 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 04:48 . 2009-05-30 15:29 120788 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-21 04:48 . 2009-05-30 15:29 11522592 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-21 04:48 . 2009-04-17 06:44 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000003-00001102-00000004-10031102}.dat
2009-10-21 04:48 . 2009-04-17 06:44 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000003-00001102-00000004-10031102}.dat
2009-10-21 04:17 . 2009-03-01 04:13 -------- d-----w- c:\program files\LogMeIn
2009-10-19 02:21 . 2006-08-29 02:32 -------- d-----w- c:\documents and settings\Richard W. Gilbert\Application Data\Canon
2009-10-01 22:30 . 2009-03-01 04:13 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 22:30 . 2009-03-01 04:13 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 22:30 . 2009-03-01 04:13 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-19 03:02 . 2008-09-10 04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 14:18 . 2004-01-22 02:13 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-09-10 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-09-10 04:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:38 . 2008-10-17 01:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 13:38 . 2008-10-17 01:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2004-01-22 02:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 22:25 . 2006-02-19 16:07 -------- d-----w- c:\program files\Qimage
2009-08-29 08:08 . 2005-10-21 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-01-22 02:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2006-02-19 05:39 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-02-19 05:39 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2006-02-19 05:39 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-02-19 03:59 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-01-22 02:07 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-02-19 05:39 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-02-19 03:59 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-19 04:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-01-22 02:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 09:23 . 2008-12-28 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-30 15:17 . 2009-05-30 15:17 120 ----a-w- c:\program files\aahb.txt
.

((((((((((((((((((((((((((((( SnapShot_2009-05-30_16.20.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-17 13:31 . 2009-10-17 13:31 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-04-14 20:46 . 2009-04-14 20:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-04-14 20:46 . 2009-04-14 20:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-04-14 20:04 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2009-04-14 20:04 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2006-02-19 04:12 . 2008-04-14 00:12 485376 c:\windows\system32\wmspdmod.dll
+ 2006-02-19 04:12 . 2009-04-03 16:15 485376 c:\windows\system32\wmspdmod.dll
- 2006-02-19 04:13 . 2008-04-14 00:12 233472 c:\windows\system32\wmpdxm.dll
+ 2006-02-19 04:13 . 2009-07-12 16:21 233472 c:\windows\system32\wmpdxm.dll
+ 2004-01-22 02:22 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2004-01-22 02:22 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2007-08-13 22:45 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-01-22 02:22 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-01-22 02:21 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-01-22 02:20 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
- 2004-01-22 02:20 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-01-22 02:19 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2004-01-22 02:17 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-03-06 02:16 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
- 2004-01-22 02:15 . 2009-04-14 20:58 463510 c:\windows\system32\perfh009.dat
+ 2004-01-22 02:15 . 2009-10-17 13:33 463510 c:\windows\system32\perfh009.dat
+ 2004-01-22 02:15 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-01-22 02:13 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2008-05-27 02:18 . 2009-05-25 04:24 350208 c:\windows\system32\mssph.dll
- 2008-05-27 02:18 . 2008-05-27 02:18 350208 c:\windows\system32\mssph.dll
+ 2004-01-22 02:13 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
- 2004-01-22 02:13 . 2007-08-13 22:54 156160 c:\windows\system32\msls31.dll
+ 2004-01-22 02:13 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 22:54 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-01-22 02:11 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-01-22 02:10 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2005-06-15 17:50 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2003-01-13 19:57 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-08-06 13:58 . 2009-07-25 09:23 149280 c:\windows\system32\javaws.exe
+ 2009-08-06 13:58 . 2009-07-25 09:23 145184 c:\windows\system32\javaw.exe
+ 2009-08-06 13:58 . 2009-07-25 09:23 145184 c:\windows\system32\java.exe
+ 2007-08-13 22:54 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-01-22 02:09 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-01-22 02:09 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-01-22 02:09 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-01-22 02:09 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-01-22 02:09 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-01-22 02:09 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-18 22:53 . 2009-06-12 13:25 116560 c:\windows\system32\FNTCACHE.DAT
- 2006-02-18 22:53 . 2009-04-14 20:53 116560 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:56 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2004-01-22 02:08 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-01-22 02:08 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-02-19 05:39 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2006-02-19 05:39 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2006-02-19 05:39 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2009-04-14 20:04 . 2008-04-14 00:12 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-04-14 20:04 . 2009-04-03 16:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-04-14 20:04 . 2009-07-12 16:21 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2009-04-14 20:04 . 2008-04-14 00:12 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-21 06:44 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 22:54 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 22:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-09-09 10:09 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-13 22:44 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-08-13 22:54 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2004-01-22 02:13 . 2007-08-13 22:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-01-22 02:13 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-04-14 23:14 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-14 20:40 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 22:43 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-08-06 13:33 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-13 22:54 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:39 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-08-06 13:33 . 2009-08-07 08:48 100352 c:\windows\system32\dllcache\iecompat.dll
+ 2009-04-14 23:14 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-01-22 02:09 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:54 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 22:54 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:35 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-01-22 02:07 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2009-04-14 20:03 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2009-04-14 20:03 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-04-14 20:45 . 2009-04-14 20:45 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2006-02-19 04:00 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2006-02-19 04:00 . 2004-07-20 01:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2006-02-19 04:00 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2006-02-19 04:00 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\e8b9a.msp
+ 2009-04-14 20:45 . 2009-04-14 20:45 648192 c:\windows\Installer\e8b77.msi
+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\e0eaa.msp
+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\e0ea8.msp
+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\e0ea6.msp
+ 2009-04-14 20:44 . 2009-04-14 20:44 137728 c:\windows\Installer\e0ea0.msi
+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\c1452.msp
+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\c1450.msp
+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\c144f.msp
+ 2007-10-18 08:26 . 2007-10-18 08:26 621568 c:\windows\Installer\af289269.msi
+ 2006-02-20 05:42 . 2006-02-20 05:42 412672 c:\windows\Installer\a81a5.msi
+ 2008-06-09 20:08 . 2008-06-09 20:08 289792 c:\windows\Installer\a743d.msi
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\a224e2e.msp
+ 2006-05-01 06:28 . 2006-05-01 06:28 213504 c:\windows\Installer\8e89d.msi
+ 2006-02-19 19:01 . 2006-02-19 19:01 304640 c:\windows\Installer\8408e0.msi
+ 2006-02-19 19:00 . 2006-02-19 19:00 305152 c:\windows\Installer\8408da.msi
+ 2006-02-19 07:42 . 2006-02-19 07:42 178176 c:\windows\Installer\81673.msi
+ 2007-05-02 18:28 . 2007-05-02 18:28 268800 c:\windows\Installer\7802f.msi
+ 2008-12-28 17:33 . 2008-12-28 17:33 562176 c:\windows\Installer\7012d.msi
+ 2006-08-12 17:51 . 2006-08-12 17:51 578048 c:\windows\Installer\4cd5b.msi
+ 2006-02-25 06:22 . 2006-02-25 06:22 792576 c:\windows\Installer\4afc16b.msi
+ 2006-02-19 04:16 . 2006-02-19 04:16 264704 c:\windows\Installer\4ae2.msi
+ 2006-10-09 20:34 . 2006-10-09 20:34 991744 c:\windows\Installer\495c7.msi
+ 2007-01-21 18:28 . 2007-01-21 18:28 188928 c:\windows\Installer\32e6c631.msi
+ 2006-07-10 06:38 . 2006-07-10 06:38 479744 c:\windows\Installer\1e771.msi
+ 2006-02-19 16:22 . 2006-02-19 16:22 531968 c:\windows\Installer\1dccbd.msi
+ 2006-02-19 16:21 . 2006-02-19 16:21 569856 c:\windows\Installer\1dccb8.msi
+ 2006-02-19 16:19 . 2006-02-19 16:19 644096 c:\windows\Installer\1dccac.msi
+ 2007-07-21 07:53 . 2007-07-21 07:53 282624 c:\windows\Installer\1c3575b2.msi
+ 2007-03-21 07:50 . 2007-03-21 07:50 189952 c:\windows\Installer\1a65bbd1.msi
+ 2006-02-19 08:23 . 2006-02-19 08:23 171008 c:\windows\Installer\162d5.msi
+ 2006-02-19 08:43 . 2006-02-19 08:43 285184 c:\windows\Installer\14f965.msi
+ 2006-08-21 06:50 . 2006-08-21 06:50 187904 c:\windows\Installer\1475d47a.msi
+ 2009-10-17 13:21 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-17 13:21 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-17 13:21 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-17 13:21 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-17 13:21 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-17 13:21 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-17 13:21 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-17 13:21 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-17 13:21 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-19 03:36 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB973874-IE8\spuninst\updspapi.dll
+ 2009-10-19 03:36 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB973874-IE8\spuninst\spuninst.exe
+ 2009-10-19 03:36 . 2009-07-01 07:08 101376 c:\windows\ie8updates\KB973874-IE8\iecompat.dll
+ 2009-08-06 13:33 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB972636-IE8\spuninst\updspapi.dll
+ 2009-08-06 13:33 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB972636-IE8\spuninst\spuninst.exe
+ 2009-08-06 13:33 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-06 13:33 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-06 13:33 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-06 13:33 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-08-06 13:33 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-06 13:33 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-08-06 13:33 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-06 13:33 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-06 13:33 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-09-10 10:45 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-10 10:45 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-10 10:45 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 827392 c:\windows\ie8\wininet.dll
+ 2009-08-06 13:32 . 2007-08-13 22:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-08-06 13:32 . 2009-06-29 16:12 233472 c:\windows\ie8\webcheck.dll
+ 2009-08-06 13:32 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2009-08-06 13:32 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 105984 c:\windows\ie8\url.dll
+ 2009-08-06 13:32 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-08-06 13:32 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-08-06 13:32 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-08-06 13:32 . 2009-06-29 16:12 102912 c:\windows\ie8\occache.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 671232 c:\windows\ie8\mstime.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 193024 c:\windows\ie8\msrating.dll
+ 2009-08-06 13:32 . 2007-08-13 22:54 156160 c:\windows\ie8\msls31.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 477696 c:\windows\ie8\mshtmled.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 459264 c:\windows\ie8\msfeeds.dll
+ 2009-08-06 13:32 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-08-06 13:32 . 2009-06-29 08:35 634632 c:\windows\ie8\iexplore.exe
+ 2009-08-06 13:32 . 2007-08-13 22:54 180736 c:\windows\ie8\ieui.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 268288 c:\windows\ie8\iertutil.dll
+ 2009-08-06 13:32 . 2007-08-13 22:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-08-06 13:32 . 2007-08-13 22:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-08-06 13:32 . 2009-06-29 08:33 161792 c:\windows\ie8\ieakui.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 230400 c:\windows\ie8\ieaksie.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 153088 c:\windows\ie8\ieakeng.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 214528 c:\windows\ie8\dxtrans.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-08-06 13:32 . 2009-06-29 16:12 124928 c:\windows\ie8\advpack.dll
+ 2009-08-06 13:08 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-08-06 13:08 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-08-06 13:08 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-08-06 13:08 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-08-06 13:08 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-08-06 13:08 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-08-06 13:08 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-08-06 13:08 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-08-06 13:08 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-08-06 13:08 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-08-06 13:08 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-08-06 13:08 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-08-06 13:08 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-06-12 13:16 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-12 13:16 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-12 13:16 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-12 13:16 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-12 13:16 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-12 13:16 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-12 13:16 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-12 13:16 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2006-02-19 18:53 . 2006-02-19 18:53 320064 c:\windows\Downloaded Installations\Image Resizer Powertoy for Windows XP.msi
+ 2006-02-19 18:53 . 2006-02-19 18:53 333332 c:\windows\Downloaded Installations\Alt-Tab Task Switcher Powertoy for Windows XP.msi
+ 2006-06-10 00:15 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\ISScript11.Msi
+ 2006-02-19 07:28 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\ISScript11.Msi
+ 2009-10-17 13:15 . 2009-10-17 13:15 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e485b868\System.Drawing.dll
+ 2009-10-17 13:16 . 2009-10-17 13:16 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e539782f\System.Drawing.Design.dll
+ 2009-10-17 13:16 . 2009-10-17 13:16 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a0ac308d\CustomMarshalers.dll
+ 2009-10-17 13:11 . 2009-10-17 13:11 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_5cce08f9\System.Drawing.dll
+ 2009-10-17 14:09 . 2009-10-17 14:09 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-17 13:51 . 2009-10-17 13:51 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-17 13:51 . 2009-10-17 13:51 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-17 13:51 . 2009-10-17 13:51 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-17 14:38 . 2009-10-17 14:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-17 14:23 . 2009-10-17 14:23 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-17 14:06 . 2009-10-17 14:06 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-17 14:06 . 2009-10-17 14:06 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-17 13:50 . 2009-10-17 13:50 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-17 14:36 . 2009-10-17 14:36 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-17 14:22 . 2009-10-17 14:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-17 14:37 . 2009-10-17 14:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-17 14:36 . 2009-10-17 14:36 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-17 14:09 . 2009-10-17 14:09 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-17 14:09 . 2009-10-17 14:09 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-17 14:09 . 2009-10-17 14:09 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-17 13:48 . 2009-10-17 13:48 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-17 13:47 . 2009-10-17 13:47 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-17 13:46 . 2009-10-17 13:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-17 13:46 . 2009-10-17 13:46 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-17 14:09 . 2009-10-17 14:09 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-17 14:08 . 2009-10-17 14:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-17 14:36 . 2009-10-17 14:36 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-17 14:36 . 2009-10-17 14:36 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-17 14:24 . 2009-10-17 14:24 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-17 14:24 . 2009-10-17 14:24 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-17 14:23 . 2009-10-17 14:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-17 14:08 . 2009-10-17 14:08 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-17 14:05 . 2009-10-17 14:05 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-04-14 20:46 . 2009-04-14 20:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-17 13:31 . 2009-10-17 13:31 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-08-12 15:40 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2009-08-12 15:40 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2009-08-12 15:37 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973815$\spuninst\updspapi.dll
+ 2009-08-12 15:37 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe
+ 2009-08-12 15:37 . 2008-04-14 00:12 203776 c:\windows\$NtUninstallKB973815$\mswebdvd.dll
+ 2009-08-12 15:39 . 2008-04-14 00:12 233472 c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2009-08-12 15:39 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2009-08-12 15:39 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2009-08-12 15:40 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2009-08-12 15:40 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2009-08-12 15:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973354$\spuninst\updspapi.dll
+ 2009-08-12 15:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe
+ 2009-07-17 13:39 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-07-17 13:39 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-08-12 15:41 . 2008-04-14 00:12 132096 c:\windows\$NtUninstallKB971657$\wkssvc.dll
+ 2009-08-12 15:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
+ 2009-08-12 15:41 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-07-17 13:39 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-07-17 13:39 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-08-12 15:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971557$\spuninst\updspapi.dll
+ 2009-08-12 15:41 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe
+ 2009-08-26 23:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-26 23:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-06-12 13:16 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-12 13:16 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-12 13:16 . 2008-04-14 00:12 584704 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-12 13:18 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-12 13:18 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-09-10 10:46 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-10 10:46 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-06-12 13:15 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-12 13:15 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-08-14 20:53 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
+ 2009-08-14 20:53 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
+ 2009-08-14 20:53 . 2008-12-05 06:54 144896 c:\windows\$NtUninstallKB968389$\schannel.dll
+ 2009-08-14 20:53 . 2008-04-14 00:12 132608 c:\windows\$NtUninstallKB968389$\msv1_0.dll
+ 2009-08-14 20:53 . 2009-02-09 12:10 729088 c:\windows\$NtUninstallKB968389$\lsasrv.dll
+ 2009-08-14 20:53 . 2008-04-14 00:11 299520 c:\windows\$NtUninstallKB968389$\kerberos.dll
+ 2009-06-12 13:18 . 2009-05-12 19:12 382496 c:\windows\$NtUninstallKB963093$\spuninst\updspapi.dll
+ 2009-06-12 13:18 . 2009-05-12 19:12 231456 c:\windows\$NtUninstallKB963093$\spuninst\spuninst.exe
+ 2009-06-12 13:18 . 2008-05-27 02:18 350208 c:\windows\$NtUninstallKB963093$\mssph.dll
+ 2009-06-12 13:18 . 2008-05-27 02:19 304128 c:\windows\$NtUninstallKB963093$\msnlnamespacemgr.dll
+ 2009-06-12 13:18 . 2008-05-27 02:20 595456 c:\windows\$NtUninstallKB963093$\msnlext.dll
+ 2009-06-12 13:18 . 2008-05-27 02:19 275456 c:\windows\$NtUninstallKB963093$\mapine.dll
+ 2009-06-12 13:18 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-12 13:18 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-12 13:18 . 2008-04-14 00:11 343040 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-07-17 13:37 . 2008-04-14 00:12 117760 c:\windows\$NtUninstallKB961371$\t2embed.dll
+ 2009-07-17 13:37 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
+ 2009-07-17 13:37 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
+ 2009-08-12 15:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2009-08-12 15:42 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2009-09-10 10:46 . 2008-04-14 00:12 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-10 10:46 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-10 10:46 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-08-12 15:41 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956744$\spuninst\updspapi.dll
+ 2009-08-12 15:41 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe
+ 2009-08-12 15:40 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973869\update\updspapi.dll
+ 2009-08-12 15:40 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973869\update\update.exe
+ 2009-08-12 15:40 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973869\spuninst.exe
+ 2009-08-12 15:37 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2009-08-12 15:37 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2009-08-12 15:37 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:52 . 2009-08-05 08:52 204800 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2009-08-12 15:40 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2009-08-12 15:40 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2009-08-12 15:40 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2009-08-12 15:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973354\update\updspapi.dll
+ 2009-08-12 15:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973354\update\update.exe
+ 2009-08-12 15:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973354\spuninst.exe
+ 2009-07-17 13:39 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-07-17 13:39 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-07-17 13:39 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-08-06 13:33 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB972636-IE8\update\updspapi.dll
+ 2009-08-06 13:33 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972636-IE8\update\update.exe
+ 2009-08-06 13:33 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972636-IE8\spuninst.exe
+ 2009-08-06 13:33 . 2009-07-01 06:33 101376 c:\windows\$hf_mig$\KB972636-IE8\SP3QFE\iecompat.dll
+ 2009-08-06 13:33 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE8\update\updspapi.dll
+ 2009-08-06 13:33 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE8\update\update.exe
+ 2009-08-06 13:33 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB972260-IE8\spuninst.exe
+ 2009-08-06 13:33 . 2009-07-03 17:06 915456 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
+ 2009-08-06 13:33 . 2009-07-03 17:06 206848 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\occache.dll
+ 2009-08-06 13:33 . 2009-07-03 17:06 594432 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeeds.dll
+ 2009-08-06 13:33 . 2009-07-03 17:06 246272 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieproxy.dll
+ 2009-08-06 13:33 . 2009-07-03 17:06 184320 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iepeers.dll
+ 2009-08-06 13:33 . 2009-07-03 17:06 386048 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iedkcs32.dll
+ 2009-08-06 13:33 . 2009-07-03 11:38 173056 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ie4uinit.exe
+ 2009-08-06 13:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE7\update\updspapi.dll
+ 2009-08-06 13:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe
+ 2009-08-06 13:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972260-IE7\spuninst.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 828928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 233472 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\webcheck.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 105984 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\url.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 102912 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\occache.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 671232 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mstime.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 193024 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msrating.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 477696 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtmled.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 459264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeeds.dll
+ 2009-06-29 07:25 . 2009-06-29 07:25 634632 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 268288 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iertutil.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 388608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iedkcs32.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 380928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dll
+ 2009-06-29 07:23 . 2009-06-29 07:23 161792 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakui.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 230400 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieaksie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 153088 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakeng.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 132608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\extmgr.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 214528 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtrans.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 347136 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtmsft.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 124928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\advpack.dll
+ 2009-09-10 10:45 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll
+ 2009-09-10 10:45 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe
+ 2009-09-10 10:45 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe
+ 2009-09-09 10:09 . 2009-06-22 06:47 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll
+ 2009-08-12 15:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2009-08-12 15:41 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2009-08-12 15:41 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-07-17 13:39 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-07-17 13:39 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-07-17 13:39 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-08-12 15:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971557\update\updspapi.dll
+ 2009-08-12 15:41 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971557\update\update.exe
+ 2009-08-12 15:41 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971557\spuninst.exe
+ 2009-06-12 13:16 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-12 13:16 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-12 13:16 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-06-12 13:18 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-12 13:18 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-12 13:18 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-12 13:16 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE7\update\updspapi.dll
+ 2009-06-12 13:16 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB969897-IE7\update\update.exe
+ 2009-06-12 13:16 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB969897-IE7\spuninst.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 828928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 233472 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\webcheck.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 105984 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\url.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 102912 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\occache.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 671232 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mstime.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 193024 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msrating.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 477696 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtmled.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 459264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeeds.dll
+ 2009-04-25 05:27 . 2009-04-25 05:27 636088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 268288 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iertutil.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 388608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iedkcs32.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 380928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dll
+ 2009-04-25 05:26 . 2009-04-25 05:26 161792 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakui.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 230400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieaksie.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 153088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakeng.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 132608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\extmgr.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 214528 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtrans.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 347136 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtmsft.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 124928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\advpack.dll
+ 2009-06-12 13:15 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-12 13:15 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-12 13:15 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-08-14 20:53 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2009-08-14 20:53 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2009-08-14 20:53 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2009-06-12 13:18 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-12 13:18 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-12 13:18 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-07-17 13:37 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-07-17 13:37 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-07-17 13:37 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
+ 2009-08-12 15:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2009-08-12 15:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2009-08-12 15:42 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2009-09-10 10:46 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-10 10:46 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-10 10:46 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-09 10:09 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2009-08-12 15:41 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956744\update\updspapi.dll
+ 2009-08-12 15:41 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB956744\update\update.exe
+ 2009-08-12 15:41 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956744\spuninst.exe
+ 2009-10-16 13:18 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
- 2006-02-19 04:12 . 2008-11-07 20:45 2174976 c:\windows\system32\WMVCore.dll
+ 2006-02-19 04:12 . 2009-05-26 20:53 2174976 c:\windows\system32\WMVCore.dll
+ 2003-04-18 18:55 . 2009-07-12 16:21 4874240 c:\windows\system32\wmp.dll
- 2003-04-18 18:55 . 2008-04-14 00:12 4874240 c:\windows\system32\wmp.dll
+ 2004-01-22 02:22 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-01-22 02:22 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2005-10-21 17:51 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2004-01-22 02:16 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-01-22 02:16 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2003-11-12 08:54 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
+ 2006-02-19 03:59 . 2009-06-10 13:19 2066432 c:\windows\system32\mstscax.dll
+ 2004-01-22 02:13 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 22:34 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2007-02-12 20:10 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-02-19 03:59 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2006-12-07 22:02 . 2009-05-26 20:53 2174976 c:\windows\system32\dllcache\WMVCore.dll
- 2006-12-07 22:02 . 2008-11-07 20:45 2174976 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-04-14 20:04 . 2009-07-12 16:21 4874240 c:\windows\system32\dllcache\wmp.dll
- 2009-04-14 20:04 . 2008-04-14 00:12 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-16 22:05 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:15 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 22:05 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 22:05 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 22:05 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 22:05 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 22:05 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 22:05 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 22:05 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-08-12 12:34 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-21 06:44 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-14 23:14 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-14 23:14 . 2009-02-07 01:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="/L:ENG" [X]
"AccuWeatherDesktopAlerts"="c:\program files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe" [2004-11-20 249856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 48800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-12-22 85744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-05-10 94208]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-9-30 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-2-19 221247]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-19 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 22:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"RetroLauncher"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\HoTTProxy\\HoTTProxy_Admin.exe"=
"c:\\HoTTProxy\\HoTTProxy.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142012130\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142012130\\ee\\aim6.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:UDP"= 2967:UDP:ITD Symantec-UDP 2967
"2967:TCP"= 2967:TCP:ITD Symantec-TCP 2967
"38293:UDP"= 38293:UDP:ITD Symantec-UDP 38293
"9201:TCP"= 9201:TCP:9201tcp
"9201:UDP"= 9201:UDP:9201udp
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/12/2006 1:51 PM 3712]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/1/2009 12:13 AM 47640]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/21/2005 9:45 PM 169200]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2/19/2006 1:41 AM 485760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/30/2009 2:02 PM 102448]
S0 yyrwm;yyrwm;c:\windows\system32\drivers\bummdxf.sys --> c:\windows\system32\drivers\bummdxf.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2007-02-15 c:\windows\Tasks\HoTTProxy.job
- c:\hottproxy\HoTTProxy.exe [2005-10-10 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = https://owa.intermedia.net/Login.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} - hxxp://www.livetest.com/livetest/taskpages/install/livetest_bar.cab
FF - ProfilePath - c:\documents and settings\Richard W. Gilbert\Application Data\Mozilla\Firefox\Profiles\afvlpm6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/
FF - plugin: c:\documents and settings\Richard W. Gilbert\Application Data\Mozilla\Firefox\Profiles\afvlpm6a.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Richard W. Gilbert\Application Data\Mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02} - c:\windows\system32\plugie.dll
AddRemove-HijackThis - c:\documents and settings\Richard W. Gilbert\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 01:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-21 1:18
ComboFix-quarantined-files.txt 2009-10-21 05:18
ComboFix2.txt 2009-05-30 16:23
ComboFix3.txt 2009-04-14 13:28

Pre-Run: 181,009,149,952 bytes free
Post-Run: 182,633,230,336 bytes free

- - End Of File - - A5F860E548A1BD4FA7A35D3C4E433F62

#9 epods

epods
  • Topic Starter

  • Members

Posted 21 October 2009 - 08:12 AM

The problem with Symantec Auto-Protect constantly quarantining Trojan .tmp files appears to be fixed! However, I am still experiencing some random redirects when clicking on links in FireFox. Any further guidance is appreciated; thanks!

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:12 AM

Posted 21 October 2009 - 09:08 AM

Yes, we still have some more work to do:


Go to http://virusscan.jotti.org
Copy the following line into the white textbox:

c:\windows\wp4.dat

Click Submit.
Please post the results of this scan to this thread.

Do the same for c:\windows\wp3.dat

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 epods

  • Topic Starter

Posted 21 October 2009 - 09:44 AM

I can't seem to find either of these files to submit them. The only other thing I did yesterday was to run MBAM, so it is possible that these were already removed? Thanks.

#12 thewall

  • Malware Response Team

Posted 21 October 2009 - 09:55 AM

OK, that's fine but as I noted in my first reply it is important that you don't run other tools while I am trying to help you. I need to understand what is going on with the system and if something disappears all of a sudden then I spend needless time looking for it or doing research.


Special ComboFix script made for this computer only

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\bummdxf.sys
Driver::
yyrwm


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#13 epods

  • Topic Starter

Posted 21 October 2009 - 12:03 PM

Very sorry for having run MBAM. I've followed all instructions and here is the new ComboFix Log:


ComboFix 09-10-20.03 - Richard W. Gilbert 10/21/2009 11:22.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.554 [GMT -4:00]
Running from: c:\documents and settings\Richard W. Gilbert\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard W. Gilbert\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\drivers\bummdxf.sys"
.
PEV Error: AppFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_yyrwm


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-19 22:48 . 2009-10-19 22:48 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-19 22:48 . 2009-10-19 22:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\BayScribe
2009-10-19 22:48 . 2009-10-19 22:48 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-10-19 03:53 . 2009-10-19 03:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-18 20:53 . 2009-10-18 20:53 -------- d-----w- c:\documents and settings\Richard W. Gilbert\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 16:17 . 2009-05-30 15:29 1304864 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-21 15:40 . 2006-02-19 06:17 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-21 15:38 . 2009-05-30 15:29 158420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 15:38 . 2009-05-30 15:29 123212 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-21 15:38 . 2009-05-30 15:29 11755552 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-21 15:38 . 2009-04-17 06:44 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000003-00001102-00000004-10031102}.dat
2009-10-21 15:38 . 2009-04-17 06:44 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000003-00001102-00000004-10031102}.dat
2009-10-21 04:17 . 2009-03-01 04:13 -------- d-----w- c:\program files\LogMeIn
2009-10-19 02:21 . 2006-08-29 02:32 -------- d-----w- c:\documents and settings\Richard W. Gilbert\Application Data\Canon
2009-10-01 22:30 . 2009-03-01 04:13 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 22:30 . 2009-03-01 04:13 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 22:30 . 2009-03-01 04:13 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-19 03:02 . 2008-09-10 04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 14:18 . 2004-01-22 02:13 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-09-10 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-09-10 04:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:38 . 2008-10-17 01:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 13:38 . 2008-10-17 01:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2004-01-22 02:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 22:25 . 2006-02-19 16:07 -------- d-----w- c:\program files\Qimage
2009-08-29 08:08 . 2005-10-21 17:51 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-01-22 02:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2006-02-19 05:39 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-02-19 05:39 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2006-02-19 05:39 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-02-19 03:59 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-01-22 02:07 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-02-19 05:39 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-02-19 03:59 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-19 04:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-01-22 02:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 09:23 . 2008-12-28 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-30 15:17 . 2009-05-30 15:17 120 ----a-w- c:\program files\aahb.txt
.

((((((((((((((((((((((((((((( SnapShot_2009-10-21_05.10.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 15:39 . 2009-10-21 15:39 16384 c:\windows\temp\Perflib_Perfdata_458.dat
+ 2006-02-19 04:09 . 2009-10-21 15:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-19 04:09 . 2009-10-21 04:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-19 04:09 . 2009-10-21 04:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-02-19 04:09 . 2009-10-21 15:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-19 03:53 . 2009-10-21 15:39 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-19 03:53 . 2009-10-21 04:49 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-02-19 04:09 . 2009-10-21 15:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-02-19 04:09 . 2009-10-21 04:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="/L:ENG" [X]
"AccuWeatherDesktopAlerts"="c:\program files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe" [2004-11-20 249856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 48800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-12-22 85744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-05-10 94208]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-9-30 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-2-19 221247]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-19 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 22:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
"Debugger"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"RetroLauncher"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\HoTTProxy\\HoTTProxy_Admin.exe"=
"c:\\HoTTProxy\\HoTTProxy.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142012130\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142012130\\ee\\aim6.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:UDP"= 2967:UDP:ITD Symantec-UDP 2967
"2967:TCP"= 2967:TCP:ITD Symantec-TCP 2967
"38293:UDP"= 38293:UDP:ITD Symantec-UDP 38293
"9201:TCP"= 9201:TCP:9201tcp
"9201:UDP"= 9201:UDP:9201udp
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/12/2006 1:51 PM 3712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/1/2009 12:13 AM 47640]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/21/2005 9:45 PM 169200]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2/19/2006 1:41 AM 485760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/30/2009 2:02 PM 102448]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2007-02-15 c:\windows\Tasks\HoTTProxy.job
- c:\hottproxy\HoTTProxy.exe [2005-10-10 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = https://owa.intermedia.net/Login.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} - hxxp://www.livetest.com/livetest/taskpages/install/livetest_bar.cab
FF - ProfilePath - c:\documents and settings\Richard W. Gilbert\Application Data\Mozilla\Firefox\Profiles\afvlpm6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/
FF - plugin: c:\documents and settings\Richard W. Gilbert\Application Data\Mozilla\Firefox\Profiles\afvlpm6a.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Richard W. Gilbert\Application Data\Mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\combofix\CF5865.exe
c:\windows\ehome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 16:26
ComboFix2.txt 2009-05-30 16:23
ComboFix3.txt 2009-04-14 13:28

Pre-Run: 182,597,767,168 bytes free
Post-Run: 182,505,705,472 bytes free

- - End Of File - - 7805FDF9CA45E6544065948684827C9A

#14 thewall

  • Malware Response Team

Posted 21 October 2009 - 12:16 PM

I understand you were just trying to get your machine cleaned up and get this thing over with so it was not an end of the world thing.

Are you still getting the redirects?

#15 epods

  • Topic Starter

Posted 21 October 2009 - 12:21 PM

Yes, unfortunately! I'm still having redirects in FireFox at this time. Any other ideas? Thank you!



