Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Continuous Restart on Toshiba Laptop w/ XP Media Version


  • This topic is locked This topic is locked
31 replies to this topic

#1 pcnovice78

pcnovice78

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 07 March 2010 - 02:53 PM

I was surfing the web when a bogus malware notification (I forget the name but it started with 'A') came up. I immediately ran MalwareBytes, it found 1 file (I believe it was Hijack.regedit or something) I clicked Remove Infection and then it said to Reboot. Now comes the problem. I have tried all modes of startup and never get past the Windows screen where it is loading. A blue screen flashes with info on it, but it reboots too quickly to read it. This happens over and over and I cannot load windows. I need a fix and/or a way to save some files/pics etc then I could do a fresh install. Please help. Especially if someone knows how I can get files off the hard drive via the disc drive and then i would just do fresh install thanks

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 07 March 2010 - 03:39 PM

Hello, please try to follow the steps below. I am moving this topic to the malware removal forum so we can used more advanced tools.

OK this file is big Print these instruction out so that you know what you are doing

Two programs to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#3 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 07 March 2010 - 05:34 PM

Thanks for quick response. the OTL.txt info is as follows:

OTL logfile created on: 3/7/2010 5:06:46 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 34.78 Gb Free Space | 31.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - [2010/02/06 22:25:10 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/11/10 19:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/09/10 21:51:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/12/20 14:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto] -- -- (zhhjbg)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - [2010/03/07 13:12:15 | 000,791,552 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\psqzjnh.sys -- (psqzjnh)
DRV - [2010/02/06 22:25:52 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/06 22:25:46 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/06 22:25:43 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/07 20:55:43 | 000,028,672 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/04/10 12:36:36 | 000,062,794 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/01/29 20:32:17 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/10/23 20:52:27 | 000,008,704 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2006/08/04 21:51:33 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/02/20 18:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 18:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 18:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 18:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/12/16 03:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 19:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 14:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 13:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/28 01:20:20 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/10 02:31:42 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 05:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/09/07 17:43:02 | 000,084,928 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520mgmt.sys -- (z520mgmt)
DRV - [2005/09/07 17:43:02 | 000,082,864 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520obex.sys -- (z520obex)
DRV - [2005/09/07 17:43:00 | 000,093,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520mdm.sys -- (z520mdm)
DRV - [2005/09/07 17:42:58 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520mdfl.sys -- (z520mdfl)
DRV - [2005/09/07 17:42:56 | 000,057,648 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520bus.sys -- (z520bus) Sony Ericsson 520 driver (WDM)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/04/25 04:03:00 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/01/12 03:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/03/22 05:35:58 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/03/22 05:35:52 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/03/22 05:35:48 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\alyssa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\alyssa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Everyone_Except_Kris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Everyone_Except_Kris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Kris_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Kris_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Kris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/06 22:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/06 22:25:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/07 13:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/03 07:11:52 | 000,000,000 | ---D | M]

[2010/03/07 13:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/07 13:12:05 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2007/02/01 19:47:37 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/05 17:07:23 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/03/07 13:12:35 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 96.168.178.115 secure.antimalwaredefender.com
O1 - Hosts: 96.168.178.115 support.antimalwaredefender.com
O1 - Hosts: 95.168.173.24 secure.antimalware-defender.com
O1 - Hosts: 95.168.173.24 support.antimalware-defender.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: ({b152038f-0189-4a61-aadc-0158baafd487}) - {b152038f-0189-4a61-aadc-0158baafd487} - C:\WINDOWS\system32\b152038f-0189-4a6c-aadc-0158baafd487_26.avi ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\alyssa_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Everyone_Except_Kris_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Kris_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Kris_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (tzuk)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (tzuk)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe (tzuk)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\acdaemon.exe (tzuk)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (tzuk)
O4 - HKLM..\Run: [CFSServ.exe] C:\WINDOWS\System32\cfsserv.exe (tzuk)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\dlactrlw.exe (tzuk)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (tzuk)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (tzuk)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (tzuk)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (tzuk)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (tzuk)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (tzuk)
O4 - HKLM..\Run: [NDSTray.exe] C:\WINDOWS\System32\ndstray.exe (tzuk)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\nerocheck.exe (tzuk)
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net ()
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (tzuk)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (tzuk)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\smoothview.exe (tzuk)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (tzuk)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\syntpenh.exe (tzuk)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\syntplpr.exe (tzuk)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\tdispvol.exe (tzuk)
O4 - HKLM..\Run: [TFncKy] C:\WINDOWS\System32\tfncky.exe (tzuk)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe (tzuk)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (tzuk)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\tpsmain.exe (tzuk)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\tvstray.exe (tzuk)
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKU\alyssa_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (tzuk)
O4 - HKU\alyssa_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (tzuk)
O4 - HKU\alyssa_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKU\Everyone_Except_Kris_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (tzuk)
O4 - HKU\Everyone_Except_Kris_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (tzuk)
O4 - HKU\Everyone_Except_Kris_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BMUpdate] C:\WINDOWS\system32\bmupdate.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Kris\Application Data\SystemProc\lsass.exe (Microsoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\alyssa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Everyone_Except_Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (app_dll.dll) - C:\WINDOWS\System32\app_dll.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 10:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server\mlthnj.dll) - C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server\mlthnj.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 17:04:36 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/07 17:03:11 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/07 17:03:10 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/07 13:23:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kris\Recent
[2010/03/07 13:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/07 13:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/07 13:12:55 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\cfsserv.exe
[2010/03/07 13:12:46 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\ndstray.exe
[2010/03/07 13:12:45 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/03/07 13:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/07 13:12:38 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\tfncky.exe
[2010/03/07 13:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Antimalware Defender
[2010/03/07 13:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server
[2010/03/07 13:12:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kris\Application Data\SystemProc
[2010/03/07 13:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1
[2010/02/19 21:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\heatafterheat
[2010/02/19 21:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\DJ Smallz-Dirty R&B 14-2006- The Pirate Bay
[2010/02/19 21:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\DJ Finesse - Candy Paint R&B (2006) - R&B By FEFE2003
[2010/02/19 21:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\Corinne Bailey Rae - Corinne Bailey Rae (CN Ver 2006) - Pop [www.torrentazos.com]
[2010/02/19 21:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\Bob Seger - Face The Promise (2006) - Rock [www.torrentazos.com]
[2010/02/19 21:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\American Recordings Collection
[2010/02/19 21:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\Akon - Konvicted (2006) - R&B [www.torrentazos.com]
[2010/02/19 21:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\2005 Walk The Line
[2010/02/19 21:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\John Legend - Once Again (2006) - R&B [www.torrentazos.com]
[2010/02/07 14:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Local Settings\Application Data\AVG Security Toolbar
[2010/02/06 22:25:53 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/06 22:25:52 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/06 22:25:45 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/06 22:25:43 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/06 22:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/06 22:05:11 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kris\My Documents\avg_free_stb_all_9_40_cnet.exe
[2006/02/15 11:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 17:08:53 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 17:05:53 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/07 13:23:44 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/07 13:23:44 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/07 13:23:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 13:23:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 13:23:18 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Kris\NTUSER.DAT
[2010/03/07 13:23:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kris\ntuser.ini
[2010/03/07 13:23:10 | 002,111,052 | -H-- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\IconCache.db
[2010/03/07 13:13:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/03/07 13:13:01 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\igfxpers.exe
[2010/03/07 13:13:00 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\hkcmd.exe
[2010/03/07 13:12:59 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\igfxtray.exe
[2010/03/07 13:12:55 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\cfsserv.exe
[2010/03/07 13:12:48 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\tpsmain.exe
[2010/03/07 13:12:46 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\ndstray.exe
[2010/03/07 13:12:45 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/03/07 13:12:39 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\tdispvol.exe
[2010/03/07 13:12:38 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\tfncky.exe
[2010/03/07 13:12:38 | 000,000,118 | -HS- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:38 | 000,000,118 | -HS- | M] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:35 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\bmupdate.exe
[2010/03/07 13:12:35 | 000,025,214 | -HS- | M] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | M] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\Kris\Start Menu\Programs\Startup\b152038f-0189-4a6c-aadc-0158baafd487_26.lnk
[2010/03/07 13:12:35 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Kris\Desktop\Antimalware Defender.lnk
[2010/03/07 13:12:34 | 000,996,864 | -HS- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | M] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | M] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:15 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\psqzjnh.sys
[2010/03/07 13:11:31 | 000,057,742 | ---- | M] () -- C:\WINDOWS\System32\net.net
[2010/03/07 10:39:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\prvlcl.dat
[2010/03/07 10:39:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\prvlcl.dat
[2010/03/07 08:22:00 | 056,819,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/05 23:10:50 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini
[2010/03/05 22:59:08 | 1600,180,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 20:58:32 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryns Fried Plaintain Recipe.doc
[2010/03/04 20:57:54 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryn Mand1.doc
[2010/03/04 12:27:51 | 000,025,196 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\view1PrintableReport.jsp.htm
[2010/03/04 12:27:26 | 000,030,817 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\creditsingle.htm
[2010/03/04 12:19:55 | 000,007,285 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\productView1.ehtml.htm
[2010/03/04 12:18:19 | 000,006,678 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\prepareForView.ehtml.htm
[2010/03/04 12:14:46 | 000,047,924 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\FullReport.do.htm
[2010/03/04 12:12:34 | 000,037,401 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\viewPrintableReport.jsp.htm
[2010/03/02 22:12:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Missy1.doc
[2010/03/02 20:27:52 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Canada.doc
[2010/02/27 10:14:31 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Netflix Invoice Feb2010.doc
[2010/02/27 10:04:33 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicefebruary10.doc
[2010/02/27 10:02:53 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicejanuary10.doc
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/23 22:00:58 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Atherton High Schoo1.doc
[2010/02/22 22:08:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/02/22 21:12:46 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's Spanish Sentences.doc
[2010/02/21 20:58:02 | 000,561,152 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's spanish project feb. 2010.doc
[2010/02/20 23:19:45 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Black History Month means to me praising all the people who stood up to racism or invented things.doc
[2010/02/20 19:58:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\El presidente de República de Colombia es Álvaro Uribe.doc
[2010/02/18 22:04:31 | 003,625,984 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\TigerProject.ppt
[2010/02/18 20:41:31 | 000,108,149 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\800px-P.t.altaica_Tomak_Male.jpg
[2010/02/17 07:06:08 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\king tut.doc
[2010/02/13 19:27:53 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 19:30:42 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Haiti jail.doc
[2010/02/06 22:25:53 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/06 22:25:52 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/06 22:25:46 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/06 22:25:43 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/06 22:25:43 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/06 22:25:33 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/06 22:25:33 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/06 22:25:33 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/06 22:05:12 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kris\My Documents\avg_free_stb_all_9_40_cnet.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 17:03:11 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/07 17:03:11 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/07 17:03:11 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/07 17:03:11 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/07 17:03:11 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/07 17:03:11 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/07 17:03:11 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/07 17:03:11 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/07 17:03:11 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/07 17:03:11 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/07 17:03:11 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/07 17:03:11 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/07 17:03:11 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/07 17:03:11 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/07 17:03:11 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/07 17:03:11 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/07 17:03:11 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/07 13:13:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/07 13:12:38 | 000,000,118 | -HS- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:38 | 000,000,118 | -HS- | C] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:35 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\Kris\Start Menu\Programs\Startup\b152038f-0189-4a6c-aadc-0158baafd487_26.lnk
[2010/03/07 13:12:35 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\Kris\Desktop\Antimalware Defender.lnk
[2010/03/07 13:12:33 | 000,996,864 | -HS- | C] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | C] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:15 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psqzjnh.sys
[2010/03/07 13:11:31 | 000,057,742 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2010/03/04 20:58:32 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryns Fried Plaintain Recipe.doc
[2010/03/04 20:57:53 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryn Mand1.doc
[2010/03/04 12:27:49 | 000,025,196 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\view1PrintableReport.jsp.htm
[2010/03/04 12:27:25 | 000,030,817 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\creditsingle.htm
[2010/03/04 12:19:54 | 000,007,285 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\productView1.ehtml.htm
[2010/03/04 12:18:18 | 000,006,678 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\prepareForView.ehtml.htm
[2010/03/04 12:14:45 | 000,047,924 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\FullReport.do.htm
[2010/03/04 12:12:32 | 000,037,401 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\viewPrintableReport.jsp.htm
[2010/03/02 21:39:57 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Missy1.doc
[2010/03/02 20:11:51 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Canada.doc
[2010/02/27 10:14:30 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Netflix Invoice Feb2010.doc
[2010/02/27 10:04:33 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicefebruary10.doc
[2010/02/27 10:02:53 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicejanuary10.doc
[2010/02/25 21:36:52 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\El president de Colombia es Álvaro Uribe Vélez.doc
[2010/02/23 22:00:57 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Atherton High Schoo1.doc
[2010/02/22 20:12:23 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's Spanish Sentences.doc
[2010/02/20 22:54:18 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Black History Month means to me praising all the people who stood up to racism or invented things.doc
[2010/02/20 20:17:56 | 000,561,152 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's spanish project feb. 2010.doc
[2010/02/20 19:58:06 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\El presidente de República de Colombia es Álvaro Uribe.doc
[2010/02/19 21:35:56 | 105,944,702 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Jonny Cash - The Essential Johnny Cash 1955-1983.MP3
[2010/02/19 21:35:56 | 006,267,068 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\India Arie feat. Akon - I'm Not My Hair [Remix].mp3
[2010/02/19 21:35:54 | 008,573,317 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Guns N Roses - November Rain.mp3
[2010/02/19 21:35:54 | 006,259,484 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Greenday - Boulevard Of Broken Dreams.mp3
[2010/02/19 21:35:53 | 006,953,880 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Field Mob feat. Ciara - So What.mp3
[2010/02/19 21:35:52 | 006,616,483 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Ciara Ft. Ludacris - Oh.mp3
[2010/02/19 21:35:50 | 010,350,720 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Ciara Feat. Petey Pablo - Goodies (Funkymix 78).mp3
[2010/02/19 21:35:50 | 005,953,411 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Chamillionaire - Riding Dirty.mp3
[2010/02/19 21:35:49 | 007,486,486 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Busta Rhymes feat. Kelis & Will.I.Am - I Love My Chick (dirty).mp3
[2010/02/19 21:35:49 | 001,242,435 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\22-the_notorious_b.i.g.-love_is_everlasting_(outro).mp3
[2010/02/19 21:35:48 | 005,831,674 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\21-the_notorious_b.i.g.-wake_up_now_(feat_korn).mp3
[2010/02/19 21:35:47 | 005,899,514 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\20-the_notorious_b.i.g.-just_a_memory_(feat_the_clipse).mp3
[2010/02/18 20:41:30 | 000,108,149 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\800px-P.t.altaica_Tomak_Male.jpg
[2010/02/17 20:47:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\prvlcl.dat
[2010/02/17 07:03:08 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\king tut.doc
[2010/02/15 19:37:29 | 003,625,984 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\TigerProject.ppt
[2010/02/11 19:17:28 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Haiti jail.doc
[2010/02/06 22:25:43 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/06 22:25:33 | 056,819,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/06 22:25:33 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/06 22:25:33 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/06 22:25:32 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/25 11:23:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2009/01/10 16:15:19 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/10 16:15:17 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/27 14:18:31 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/07/24 15:49:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\prvlcl.dat
[2008/05/24 04:55:00 | 003,614,208 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/05/24 04:55:00 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/24 04:55:00 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2008/05/24 04:55:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/05/24 04:55:00 | 000,455,680 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/24 04:55:00 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/05/24 04:55:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/24 04:55:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/05/24 04:55:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/05/24 04:55:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/05/24 04:55:00 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/05/24 04:55:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/05/24 04:55:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/05/24 04:55:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/05/24 04:55:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/05/24 04:55:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/05/24 04:55:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/05/24 04:55:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/05/24 04:55:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/29 10:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 10:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 10:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 10:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 10:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 10:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 10:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 10:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 10:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 10:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 10:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/03/21 15:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/11/17 17:38:04 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/06 08:39:33 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\fusioncache.dat
[2007/06/28 13:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/20 18:15:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/04/09 14:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/03/16 19:04:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/16 14:57:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\alyssa\Local Settings\Application Data\fusioncache.dat
[2007/02/06 23:47:13 | 000,000,603 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/06 23:05:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/02/06 22:12:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dotnetlib.dll
[2007/01/10 19:09:07 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\HPCOM_48BitScanUpdate.log
[2007/01/10 19:09:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/27 20:01:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/23 13:03:25 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/10/28 12:48:58 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/06 19:53:51 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\wklnhst.dat
[2006/08/05 20:16:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/05 10:20:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\fusioncache.dat
[2006/06/05 22:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 23:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/17 04:57:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/02/16 10:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 04:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 04:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 04:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 04:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 04:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 11:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 11:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 11:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 11:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 11:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 11:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 11:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 11:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 11:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 10:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 10:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 09:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/03 17:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2007/05/13 19:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alyssa\Application Data\Common Files
[2007/03/16 14:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alyssa\Application Data\Teleca
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alyssa\Application Data\toshiba
[2008/05/29 08:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\EA
[2007/10/09 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\Sony
[2007/10/06 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\Teleca
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\toshiba
[2010/03/05 23:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\BitTorrent
[2010/03/07 13:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1
[2010/03/07 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\DNA
[2008/05/28 17:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\EA
[2008/11/09 17:35:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kris\Application Data\ijjigame
[2006/12/25 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\InterVideo
[2007/07/09 18:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Opera
[2009/12/15 13:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Skinux
[2007/07/08 17:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Sony
[2010/03/07 13:12:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Kris\Application Data\SystemProc
[2009/10/27 19:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\SystemRequirementsLab
[2006/11/19 22:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Teleca
[2006/08/06 19:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Template
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\toshiba
[2007/05/28 20:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Uniblue
[2010/01/07 21:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\W Photo Studio Viewer
[2006/08/08 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\WildTangent
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/02/22 22:08:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2006/08/04 21:50:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========


< End of report >


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 08 March 2010 - 02:52 AM

Good news, I found the problem, however, unfortunately you have a nasty rootkit infection, so please consider the following first...

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please re-run OTLPE and copy/paste the text in the codebox below into the "custom scan/fix" field and click "run scan"
CODE
/md5start
atapi.sys
beep.sys
/md5stop
Post me the log afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 08 March 2010 - 07:53 AM

Thanks so much for the advice. Would it be safe to get the computer off the internet, make a disk of some files I need and then do a fresh install?? Just wondering cause I do need some work files and pictures of family off the computer before wiping the hard drive.

OTL logfile created on: 3/8/2010 7:44:59 AM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 34.78 Gb Free Space | 31.18% Space Free | Partition Type: NTFS
Drive D: | 1003.01 Mb Total Space | 1002.18 Mb Free Space | 99.92% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - [2010/02/06 22:25:10 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/11/10 19:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/09/10 21:51:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/12/20 14:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto] -- -- (zhhjbg)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - [2010/03/07 13:12:15 | 000,791,552 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\psqzjnh.sys -- (psqzjnh)
DRV - [2010/02/06 22:25:52 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/06 22:25:46 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/06 22:25:43 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/07 20:55:43 | 000,028,672 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/04/10 12:36:36 | 000,062,794 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/01/29 20:32:17 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/10/23 20:52:27 | 000,008,704 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2006/08/04 21:51:33 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/02/20 18:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 18:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 18:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 18:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/12/16 03:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 19:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 14:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 13:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/28 01:20:20 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/10 02:31:42 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 05:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/09/07 17:43:02 | 000,084,928 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520mgmt.sys -- (z520mgmt)
DRV - [2005/09/07 17:43:02 | 000,082,864 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520obex.sys -- (z520obex)
DRV - [2005/09/07 17:43:00 | 000,093,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520mdm.sys -- (z520mdm)
DRV - [2005/09/07 17:42:58 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520mdfl.sys -- (z520mdfl)
DRV - [2005/09/07 17:42:56 | 000,057,648 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\z520bus.sys -- (z520bus) Sony Ericsson 520 driver (WDM)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/04/25 04:03:00 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/01/12 03:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/03/22 05:35:58 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/03/22 05:35:52 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/03/22 05:35:48 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\alyssa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\alyssa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Everyone_Except_Kris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Everyone_Except_Kris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Kris_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Kris_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Kris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/06 22:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/06 22:25:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/07 13:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/03 07:11:52 | 000,000,000 | ---D | M]

[2010/03/07 13:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/07 13:12:05 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2007/02/01 19:47:37 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/05 17:07:23 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/03/07 13:12:35 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 96.168.178.115 secure.antimalwaredefender.com
O1 - Hosts: 96.168.178.115 support.antimalwaredefender.com
O1 - Hosts: 95.168.173.24 secure.antimalware-defender.com
O1 - Hosts: 95.168.173.24 support.antimalware-defender.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: ({b152038f-0189-4a61-aadc-0158baafd487}) - {b152038f-0189-4a61-aadc-0158baafd487} - C:\WINDOWS\system32\b152038f-0189-4a6c-aadc-0158baafd487_26.avi ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\alyssa_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Everyone_Except_Kris_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Kris_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Kris_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (tzuk)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (tzuk)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe (tzuk)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\acdaemon.exe (tzuk)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (tzuk)
O4 - HKLM..\Run: [CFSServ.exe] C:\WINDOWS\System32\cfsserv.exe (tzuk)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\dlactrlw.exe (tzuk)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (tzuk)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (tzuk)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (tzuk)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (tzuk)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (tzuk)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (tzuk)
O4 - HKLM..\Run: [NDSTray.exe] C:\WINDOWS\System32\ndstray.exe (tzuk)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\nerocheck.exe (tzuk)
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net ()
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (tzuk)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (tzuk)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\smoothview.exe (tzuk)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (tzuk)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\syntpenh.exe (tzuk)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\syntplpr.exe (tzuk)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\tdispvol.exe (tzuk)
O4 - HKLM..\Run: [TFncKy] C:\WINDOWS\System32\tfncky.exe (tzuk)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe (tzuk)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (tzuk)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\tpsmain.exe (tzuk)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\tvstray.exe (tzuk)
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKU\alyssa_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (tzuk)
O4 - HKU\alyssa_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (tzuk)
O4 - HKU\alyssa_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKU\Everyone_Except_Kris_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (tzuk)
O4 - HKU\Everyone_Except_Kris_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (tzuk)
O4 - HKU\Everyone_Except_Kris_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [BMUpdate] C:\WINDOWS\system32\bmupdate.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (tzuk)
O4 - HKU\Kris_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (tzuk)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Kris\Application Data\SystemProc\lsass.exe (Microsoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\alyssa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Everyone_Except_Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (app_dll.dll) - C:\WINDOWS\System32\app_dll.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 10:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server\mlthnj.dll) - C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server\mlthnj.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 17:04:36 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/07 17:03:11 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/07 17:03:10 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/07 17:03:10 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/07 17:03:10 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/07 13:23:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kris\Recent
[2010/03/07 13:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/07 13:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/07 13:12:55 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\cfsserv.exe
[2010/03/07 13:12:46 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\ndstray.exe
[2010/03/07 13:12:45 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/03/07 13:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/07 13:12:38 | 000,061,952 | ---- | C] (tzuk) -- C:\WINDOWS\System32\tfncky.exe
[2010/03/07 13:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Antimalware Defender
[2010/03/07 13:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server
[2010/03/07 13:12:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kris\Application Data\SystemProc
[2010/03/07 13:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1
[2010/02/19 21:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\heatafterheat
[2010/02/19 21:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\DJ Smallz-Dirty R&B 14-2006- The Pirate Bay
[2010/02/19 21:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\DJ Finesse - Candy Paint R&B (2006) - R&B By FEFE2003
[2010/02/19 21:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\Corinne Bailey Rae - Corinne Bailey Rae (CN Ver 2006) - Pop [www.torrentazos.com]
[2010/02/19 21:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\Bob Seger - Face The Promise (2006) - Rock [www.torrentazos.com]
[2010/02/19 21:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\American Recordings Collection
[2010/02/19 21:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\Akon - Konvicted (2006) - R&B [www.torrentazos.com]
[2010/02/19 21:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\2005 Walk The Line
[2010/02/19 21:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\My Documents\John Legend - Once Again (2006) - R&B [www.torrentazos.com]
[2010/02/07 14:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Local Settings\Application Data\AVG Security Toolbar
[2010/02/06 22:25:53 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/06 22:25:52 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/06 22:25:45 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/06 22:25:43 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/06 22:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/06 22:05:11 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kris\My Documents\avg_free_stb_all_9_40_cnet.exe
[2006/02/15 11:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 18:24:52 | 000,001,364 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/07 17:13:03 | 000,001,251 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/07 17:08:53 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 17:05:53 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/07 13:23:44 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/07 13:23:44 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/07 13:23:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 13:23:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 13:23:18 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Kris\NTUSER.DAT
[2010/03/07 13:23:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kris\ntuser.ini
[2010/03/07 13:23:10 | 002,111,052 | -H-- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\IconCache.db
[2010/03/07 13:13:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/03/07 13:13:01 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\igfxpers.exe
[2010/03/07 13:13:00 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\hkcmd.exe
[2010/03/07 13:12:59 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\igfxtray.exe
[2010/03/07 13:12:55 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\cfsserv.exe
[2010/03/07 13:12:48 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\tpsmain.exe
[2010/03/07 13:12:46 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\ndstray.exe
[2010/03/07 13:12:45 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/03/07 13:12:39 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\tdispvol.exe
[2010/03/07 13:12:38 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\tfncky.exe
[2010/03/07 13:12:38 | 000,000,118 | -HS- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:38 | 000,000,118 | -HS- | M] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:35 | 000,061,952 | ---- | M] (tzuk) -- C:\WINDOWS\System32\bmupdate.exe
[2010/03/07 13:12:35 | 000,025,214 | -HS- | M] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | M] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\Kris\Start Menu\Programs\Startup\b152038f-0189-4a6c-aadc-0158baafd487_26.lnk
[2010/03/07 13:12:35 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Kris\Desktop\Antimalware Defender.lnk
[2010/03/07 13:12:34 | 000,996,864 | -HS- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | M] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | M] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:15 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\psqzjnh.sys
[2010/03/07 13:11:31 | 000,057,742 | ---- | M] () -- C:\WINDOWS\System32\net.net
[2010/03/07 10:39:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\prvlcl.dat
[2010/03/07 10:39:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\prvlcl.dat
[2010/03/07 08:22:00 | 056,819,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/05 23:10:50 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini
[2010/03/05 22:59:08 | 1600,180,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 20:58:32 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryns Fried Plaintain Recipe.doc
[2010/03/04 20:57:54 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryn Mand1.doc
[2010/03/04 12:27:51 | 000,025,196 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\view1PrintableReport.jsp.htm
[2010/03/04 12:27:26 | 000,030,817 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\creditsingle.htm
[2010/03/04 12:19:55 | 000,007,285 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\productView1.ehtml.htm
[2010/03/04 12:18:19 | 000,006,678 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\prepareForView.ehtml.htm
[2010/03/04 12:14:46 | 000,047,924 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\FullReport.do.htm
[2010/03/04 12:12:34 | 000,037,401 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\viewPrintableReport.jsp.htm
[2010/03/02 22:12:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Missy1.doc
[2010/03/02 20:27:52 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Canada.doc
[2010/02/27 10:14:31 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Netflix Invoice Feb2010.doc
[2010/02/27 10:04:33 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicefebruary10.doc
[2010/02/27 10:02:53 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicejanuary10.doc
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/23 22:00:58 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Atherton High Schoo1.doc
[2010/02/22 22:08:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/02/22 21:12:46 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's Spanish Sentences.doc
[2010/02/21 20:58:02 | 000,561,152 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's spanish project feb. 2010.doc
[2010/02/20 23:19:45 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Black History Month means to me praising all the people who stood up to racism or invented things.doc
[2010/02/20 19:58:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\El presidente de República de Colombia es Álvaro Uribe.doc
[2010/02/18 22:04:31 | 003,625,984 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\TigerProject.ppt
[2010/02/18 20:41:31 | 000,108,149 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\800px-P.t.altaica_Tomak_Male.jpg
[2010/02/17 07:06:08 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\king tut.doc
[2010/02/13 19:27:53 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 19:30:42 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Haiti jail.doc
[2010/02/06 22:25:53 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/06 22:25:52 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/06 22:25:46 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/06 22:25:43 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/06 22:25:43 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/06 22:25:33 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/06 22:25:33 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/06 22:25:33 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/06 22:05:12 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kris\My Documents\avg_free_stb_all_9_40_cnet.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 17:03:11 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/07 17:03:11 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/07 17:03:11 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/07 17:03:11 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/07 17:03:11 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/07 17:03:11 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/07 17:03:11 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/07 17:03:11 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/07 17:03:11 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/07 17:03:11 | 000,001,364 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/07 17:03:11 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/07 17:03:11 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/07 17:03:11 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/07 17:03:11 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/07 17:03:11 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/07 17:03:11 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/07 17:03:11 | 000,001,251 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/07 13:13:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/07 13:12:38 | 000,000,118 | -HS- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:38 | 000,000,118 | -HS- | C] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_.mkv
[2010/03/07 13:12:35 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.ico
[2010/03/07 13:12:35 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\Kris\Start Menu\Programs\Startup\b152038f-0189-4a6c-aadc-0158baafd487_26.lnk
[2010/03/07 13:12:35 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\Kris\Desktop\Antimalware Defender.lnk
[2010/03/07 13:12:33 | 000,996,864 | -HS- | C] () -- C:\WINDOWS\System32\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:33 | 000,996,864 | -HS- | C] () -- C:\Documents and Settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi
[2010/03/07 13:12:15 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psqzjnh.sys
[2010/03/07 13:11:31 | 000,057,742 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2010/03/04 20:58:32 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryns Fried Plaintain Recipe.doc
[2010/03/04 20:57:53 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryn Mand1.doc
[2010/03/04 12:27:49 | 000,025,196 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\view1PrintableReport.jsp.htm
[2010/03/04 12:27:25 | 000,030,817 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\creditsingle.htm
[2010/03/04 12:19:54 | 000,007,285 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\productView1.ehtml.htm
[2010/03/04 12:18:18 | 000,006,678 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\prepareForView.ehtml.htm
[2010/03/04 12:14:45 | 000,047,924 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\FullReport.do.htm
[2010/03/04 12:12:32 | 000,037,401 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\viewPrintableReport.jsp.htm
[2010/03/02 21:39:57 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Missy1.doc
[2010/03/02 20:11:51 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Canada.doc
[2010/02/27 10:14:30 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Netflix Invoice Feb2010.doc
[2010/02/27 10:04:33 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicefebruary10.doc
[2010/02/27 10:02:53 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\tpinvoicejanuary10.doc
[2010/02/25 21:36:52 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\El president de Colombia es Álvaro Uribe Vélez.doc
[2010/02/23 22:00:57 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Atherton High Schoo1.doc
[2010/02/22 20:12:23 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's Spanish Sentences.doc
[2010/02/20 22:54:18 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Black History Month means to me praising all the people who stood up to racism or invented things.doc
[2010/02/20 20:17:56 | 000,561,152 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Lauryn's spanish project feb. 2010.doc
[2010/02/20 19:58:06 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\El presidente de República de Colombia es Álvaro Uribe.doc
[2010/02/19 21:35:56 | 105,944,702 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Jonny Cash - The Essential Johnny Cash 1955-1983.MP3
[2010/02/19 21:35:56 | 006,267,068 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\India Arie feat. Akon - I'm Not My Hair [Remix].mp3
[2010/02/19 21:35:54 | 008,573,317 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Guns N Roses - November Rain.mp3
[2010/02/19 21:35:54 | 006,259,484 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Greenday - Boulevard Of Broken Dreams.mp3
[2010/02/19 21:35:53 | 006,953,880 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Field Mob feat. Ciara - So What.mp3
[2010/02/19 21:35:52 | 006,616,483 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Ciara Ft. Ludacris - Oh.mp3
[2010/02/19 21:35:50 | 010,350,720 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Ciara Feat. Petey Pablo - Goodies (Funkymix 78).mp3
[2010/02/19 21:35:50 | 005,953,411 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Chamillionaire - Riding Dirty.mp3
[2010/02/19 21:35:49 | 007,486,486 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Busta Rhymes feat. Kelis & Will.I.Am - I Love My Chick (dirty).mp3
[2010/02/19 21:35:49 | 001,242,435 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\22-the_notorious_b.i.g.-love_is_everlasting_(outro).mp3
[2010/02/19 21:35:48 | 005,831,674 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\21-the_notorious_b.i.g.-wake_up_now_(feat_korn).mp3
[2010/02/19 21:35:47 | 005,899,514 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\20-the_notorious_b.i.g.-just_a_memory_(feat_the_clipse).mp3
[2010/02/18 20:41:30 | 000,108,149 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\800px-P.t.altaica_Tomak_Male.jpg
[2010/02/17 20:47:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\prvlcl.dat
[2010/02/17 07:03:08 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\king tut.doc
[2010/02/15 19:37:29 | 003,625,984 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\TigerProject.ppt
[2010/02/11 19:17:28 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Kris\My Documents\Haiti jail.doc
[2010/02/06 22:25:43 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/06 22:25:33 | 056,819,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/06 22:25:33 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/06 22:25:33 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/06 22:25:32 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/25 11:23:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2009/01/10 16:15:19 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/10 16:15:17 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/27 14:18:31 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/07/24 15:49:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\prvlcl.dat
[2008/05/24 04:55:00 | 003,614,208 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/05/24 04:55:00 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/24 04:55:00 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2008/05/24 04:55:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/05/24 04:55:00 | 000,455,680 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/24 04:55:00 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/05/24 04:55:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/24 04:55:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/05/24 04:55:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/05/24 04:55:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/05/24 04:55:00 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/05/24 04:55:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/05/24 04:55:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/05/24 04:55:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/05/24 04:55:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/05/24 04:55:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/05/24 04:55:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/05/24 04:55:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/05/24 04:55:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/29 10:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 10:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 10:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 10:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 10:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 10:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 10:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 10:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 10:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 10:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 10:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/03/21 15:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/11/17 17:38:04 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/06 08:39:33 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Everyone_Except_Kris\Local Settings\Application Data\fusioncache.dat
[2007/06/28 13:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/20 18:15:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/04/09 14:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/03/16 19:04:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/16 14:57:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\alyssa\Local Settings\Application Data\fusioncache.dat
[2007/02/06 23:47:13 | 000,000,603 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/06 23:05:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/02/06 22:12:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dotnetlib.dll
[2007/01/10 19:09:07 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\HPCOM_48BitScanUpdate.log
[2007/01/10 19:09:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/27 20:01:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/23 13:03:25 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/10/28 12:48:58 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/06 19:53:51 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\wklnhst.dat
[2006/08/05 20:16:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/05 10:20:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\fusioncache.dat
[2006/06/05 22:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 23:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/17 04:57:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/02/16 10:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 04:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 04:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 04:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 04:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 04:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 11:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 11:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 11:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 11:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 11:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 11:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 11:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 11:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 11:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 10:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 10:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 09:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/03 17:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2007/05/13 19:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alyssa\Application Data\Common Files
[2007/03/16 14:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alyssa\Application Data\Teleca
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alyssa\Application Data\toshiba
[2008/05/29 08:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\EA
[2007/10/09 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\Sony
[2007/10/06 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\Teleca
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Everyone_Except_Kris\Application Data\toshiba
[2010/03/05 23:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\BitTorrent
[2010/03/07 13:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1
[2010/03/07 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\DNA
[2008/05/28 17:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\EA
[2008/11/09 17:35:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kris\Application Data\ijjigame
[2006/12/25 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\InterVideo
[2007/07/09 18:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Opera
[2009/12/15 13:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Skinux
[2007/07/08 17:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Sony
[2010/03/07 13:12:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Kris\Application Data\SystemProc
[2009/10/27 19:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\SystemRequirementsLab
[2006/11/19 22:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Teleca
[2006/08/06 19:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Template
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\toshiba
[2007/05/28 20:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Uniblue
[2010/01/07 21:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\W Photo Studio Viewer
[2006/08/08 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\WildTangent
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/02/22 22:08:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2006/08/04 21:50:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/29 09:48:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/29 09:48:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=A8CE8BE154F22D3E1F3AB2F0B65CC76A -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\cache\beep.sys
< End of report >


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 08 March 2010 - 08:40 AM

Well first of all lets get this computer booting again smile.gif

The following fix should take care of that. If you need to back up data, I recommend to make sure its reasonably clean first, to minimalize the chance of infecting any backups.

Copy/paste the text in the codebox below into OTLPE and click "run scan". Afterwards let me know if you can boot and if so, how things are running.
CODE
:services
zhhjbg
psqzjnh

:files
C:\WINDOWS\system32\drivers\psqzjnh.sys
c:\windows\system32\drivers\beep.sys|C:\WINDOWS\system32\dllcache\cache\beep.sys /replace
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:otl
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net ()
O7 - HKU\Kris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - AppInit_DLLs: (app_dll.dll) - C:\WINDOWS\System32\app_dll.dll ()
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server\mlthnj.dll) - C:\Documents and Settings\Kris\Local Settings\Application Data\Windows Server\mlthnj.dll ()
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/03/07 13:13:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/07 13:13:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

:commands
[resethosts]
[emptytemp]

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#7 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 08 March 2010 - 03:19 PM

I have to say my favorite Beethoven piece if Fur Elise and now I know why, you have truly saved me. I do want to note that I had to click "Run Fix" in OTLPE after "Run Scan" didn't work with your code in the box. The version of OTLPE I have has both buttons. Computer booted up fine, still had AntiMalware Defender on it, but I downloaded and ran Malware Bytes. I did notice that I could not update the MalwareBytes, so I saved the log that the scan produced and hoped you could check it to make sure I am as clean as I can be. Thanks again so much. I hope this is all I need. Could you also recommend either a partition set-up or something to protect my files in the future if I have to reformat partition C: because of a virus or something (can I even do that? I am such a novice). Thanks

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/8/2010 12:48:10 PM
mbam-log-2010-03-08 (12-48-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 252593
Time elapsed: 1 hour(s), 2 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Kris\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kris\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\myapplicat\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03082010_112940\C_WINDOWS\system32\drivers\psqzjnh.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kris\Local Settings\temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 08 March 2010 - 03:53 PM

Thanks for your kind words, I really appreciate that smile.gif

ohmy.gif I can't believe I actually typed "run scan", sorry about that!

Its very difficult to set up a partition in such a way you have only windows there and no programs or personal data whatsoever, many programs "want" to stay on the same partition as windows.
To avoid having to reformat, its much better to prevent than to cure smile.gif Once you are cleaned up, I'll give you some more advice on that.

I think we need to do a bit of additional cleanup here...

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by elise025, 08 March 2010 - 03:55 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#9 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 08 March 2010 - 04:57 PM

Had to break it into 2 parts cause it was too long, hope you have good news for me after reading smile.gif

ComboFix 10-03-08.01 - Kris 03/08/2010 16:37:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1087 [GMT -5:00]
Running from: c:\documents and settings\Kris\Desktop\getusucka.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\All Users\Start Menu\Programs\Antimalware Defender
c:\documents and settings\All Users\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk
c:\documents and settings\Kris\agrsmmsg .exe
c:\documents and settings\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Defender.lnk
c:\documents and settings\Kris\Application Data\SystemProc
c:\documents and settings\Kris\cfsserv .exe
c:\documents and settings\Kris\Desktop\Antimalware Defender.lnk
c:\documents and settings\Kris\ndstray .exe
c:\documents and settings\Kris\Start Menu\Programs\Antimalware Defender
c:\documents and settings\Kris\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk
c:\documents and settings\Kris\Start Menu\Programs\Antimalware Defender\Uninstall Antimalware Defender.lnk
c:\documents and settings\Kris\tdispvol .exe
c:\documents and settings\Kris\tfncky .exe
c:\documents and settings\Kris\tpsmain .exe
c:\program files\Adobe\137532343.old
c:\program files\Adobe\184078.old
c:\program files\Adobe\acrotray .exe
c:\program files\Antimalware Defender
c:\program files\Antimalware Defender\Antimalware Defender.dll
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\system32\app_dll.dll
c:\windows\system32\bmupdate .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\tdispvol .exe
c:\windows\system32\tfncky .exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 16:36 . 2010-03-08 21:32 61952 ----a-w- c:\documents and settings\Kris\cfsserv.exe
2010-03-08 16:35 . 2010-03-08 21:32 61952 ----a-w- c:\documents and settings\Kris\tpsmain.exe
2010-03-08 16:35 . 2010-03-08 21:32 61952 ----a-w- c:\documents and settings\Kris\ndstray.exe
2010-03-08 16:35 . 2010-03-08 21:32 61952 ----a-w- c:\documents and settings\Kris\agrsmmsg.exe
2010-03-08 16:35 . 2010-03-08 21:32 61952 ----a-w- c:\documents and settings\Kris\tdispvol.exe
2010-03-08 16:35 . 2010-03-08 21:32 61952 ----a-w- c:\documents and settings\Kris\tfncky.exe
2010-03-08 16:30 . 2010-02-26 16:33 545792 ----a-r- C:\OTLPE.exe
2010-03-08 16:29 . 2004-08-10 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2010-03-08 16:29 . 2010-03-08 16:29 -------- d-----w- C:\_OTL
2010-03-07 18:12 . 2010-03-07 18:12 61952 ----a-w- c:\windows\system32\cfsserv.exe
2010-03-07 18:12 . 2010-03-07 18:12 61952 ----a-w- c:\windows\system32\ndstray.exe
2010-03-07 18:12 . 2010-03-07 18:12 61952 ----a-w- c:\windows\system32\agrsmmsg.exe
2010-03-07 18:12 . 2010-03-08 18:01 61952 ----a-w- c:\windows\system32\tfncky.exe
2010-03-07 18:12 . 2010-03-08 16:29 -------- d-----w- c:\documents and settings\Kris\Local Settings\Application Data\Windows Server
2010-03-07 18:11 . 2010-03-07 18:12 933888 ----a-w- c:\documents and settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1\dbf70700.exe
2010-03-07 18:11 . 2010-03-07 18:11 -------- d-----w- c:\documents and settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1
2010-03-04 12:29 . 2010-03-04 12:30 20829680 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-04 12:29 . 2010-03-04 12:29 8405312 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-04 12:29 . 2010-03-04 12:29 149000 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-04 12:28 . 2010-03-04 12:29 10309448 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-04 12:28 . 2010-03-04 12:28 283280 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-04 12:28 . 2010-03-04 12:28 181768 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-04 12:28 . 2010-03-04 12:28 79368 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-04 12:28 . 2010-03-04 12:28 64000 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-04 12:28 . 2010-03-04 12:28 52288 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-04 12:28 . 2010-03-04 12:28 50688 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-04 12:28 . 2010-03-04 12:28 49152 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-04 12:28 . 2010-03-04 12:28 118784 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-04 04:27 . 2010-03-04 04:27 439816 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\setup.exe
2010-02-18 01:47 . 2010-03-07 15:39 0 ----a-w- c:\documents and settings\Kris\Local Settings\Application Data\prvlcl.dat
2010-02-07 19:26 . 2010-02-04 23:46 52224 ----a-w- c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-07 19:26 . 2010-02-04 23:46 101376 ----a-w- c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 21:35 . 2009-12-15 03:25 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-03-08 21:32 . 2009-01-29 05:03 -------- d-----w- c:\program files\QuickTime
2010-03-08 21:32 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\igfxpers.exe
2010-03-08 21:32 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\hkcmd.exe
2010-03-08 21:32 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\igfxtray.exe
2010-03-08 21:32 . 2006-02-15 16:28 -------- d-----w- c:\program files\ltmoh
2010-03-08 21:32 . 2008-05-11 01:48 -------- d-----w- c:\program files\DNA
2010-03-08 21:31 . 2009-10-25 16:23 61952 ----a-w- c:\windows\system32\bmupdate.exe
2010-03-08 21:31 . 2008-05-11 01:48 -------- d-----w- c:\documents and settings\Kris\Application Data\DNA
2010-03-08 21:31 . 2008-05-11 01:48 -------- d-----w- c:\program files\BitTorrent
2010-03-08 21:31 . 2007-01-30 01:36 -------- d-----w- c:\program files\DAEMON Tools
2010-03-08 21:31 . 2006-09-10 17:30 -------- d-----w- c:\documents and settings\Kris\Application Data\BitTorrent
2010-03-08 21:27 . 2009-11-11 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-08 18:01 . 2009-08-29 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 18:01 . 2006-02-25 04:28 61952 ----a-w- c:\windows\system32\tdispvol.exe
2010-03-07 15:39 . 2008-07-24 20:49 0 ----a-w- c:\documents and settings\Everyone_Except_Kris\Local Settings\Application Data\prvlcl.dat
2010-03-03 12:11 . 2006-02-16 09:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 05:44 . 2009-10-28 19:40 -------- d-----w- c:\program files\AruaROSE
2010-01-24 17:17 . 2010-01-24 17:17 -------- d-----w- c:\program files\Paint.NET
2010-01-24 17:14 . 2006-02-16 16:59 35832 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 02:21 . 2010-01-08 02:19 -------- d-----w- c:\documents and settings\Kris\Application Data\W Photo Studio Viewer
2010-01-08 01:55 . 2010-01-08 01:55 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:07 . 2009-08-29 19:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-08-29 19:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2006-02-15 14:04 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-02-15 14:02 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 03:11 . 2009-12-15 03:11 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
2009-12-15 03:11 . 2009-12-15 03:11 62976 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
2009-12-15 03:10 . 2009-12-15 03:10 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
2009-12-15 03:09 . 2009-12-15 03:09 30720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\netfw.exe
2009-12-15 03:09 . 2009-12-15 03:09 23510720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\dotnetfx.exe
2009-12-15 03:09 . 2009-12-15 03:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-12-15 03:08 . 2009-12-15 03:08 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_1890697f\EasyShrx.Dll
2009-12-15 03:06 . 2009-12-15 03:06 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.20.1.dll
2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\BitTorrent\bittorrent   .exe
c:\program files\BitTorrent\bittorrent  .exe
c:\program files\BitTorrent\bittorrent .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\DAEMON Tools\daemon .exe
c:\program files\DNA\btdna .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\ltmoh\ltmoh .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Sony Ericsson\Mobile2\Application Launcher\application launcher .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\TOSHIBA Applet\thotkey .exe
c:\program files\TOSHIBA\TOSHIBA Zooming Utility\smoothview .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\DLA\dlactrlw .exe
</pre>


((((((((((((((((((((((((((((( SnapShot_2009-08-29_19.55.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
- 2006-12-02 02:56 . 2006-12-02 02:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a\vcomp90.dll
+ 2005-05-26 11:16 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-10-25 16:23 . 2001-08-17 22:43 32768 c:\windows\system32\WiaMicro.dll
+ 2009-10-25 16:24 . 2001-08-18 02:36 87040 c:\windows\system32\wiafbdrv.dll
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2006-02-15 14:04 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2006-02-15 14:04 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
- 2006-02-15 16:07 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
+ 2006-02-15 16:07 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2009-12-15 08:10 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-10-20 06:23 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-20 06:23 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2006-02-15 14:03 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2006-02-15 14:03 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2007-02-08 06:40 . 2007-02-08 06:40 64512 c:\windows\system32\ptpitcp.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2006-02-15 14:03 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2006-02-15 14:03 . 2009-12-16 08:16 72470 c:\windows\system32\perfc009.dat
+ 2008-07-25 16:17 . 2008-07-25 16:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2006-02-15 14:03 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2006-02-15 14:03 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2006-02-15 14:03 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
+ 2006-11-08 02:03 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 83968 c:\windows\system32\mscories.dll
+ 2006-02-15 14:03 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2007-11-09 01:12 . 2009-08-23 19:45 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-11-09 01:12 . 2009-09-09 16:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-02-15 14:02 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 97800 c:\windows\system32\infocardapi.dll
- 2006-11-07 08:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 08:26 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
- 2006-02-15 14:02 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
+ 2006-02-15 14:02 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2006-02-15 14:02 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2008-07-30 00:24 . 2008-07-30 00:24 11264 c:\windows\system32\icardres.dll
- 2006-10-17 16:58 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
+ 2006-02-15 14:02 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
- 2006-02-15 14:02 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
+ 2006-02-15 14:02 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 73720 c:\windows\system32\dxva2.dll
+ 2009-12-15 03:24 . 2007-06-06 14:25 40960 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDLM.dll
+ 2009-12-15 03:24 . 2007-06-06 14:36 28672 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGPD.dll
+ 2009-12-15 03:24 . 2007-06-06 14:18 45056 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDDynCC.DLL
- 2004-08-03 22:59 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2004-08-03 22:59 . 2008-05-02 10:49 62976 c:\windows\system32\drivers\cdrom.sys
+ 2006-02-15 15:36 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-10-25 16:24 . 2001-08-18 02:36 87040 c:\windows\system32\dllcache\wiafbdrv.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2006-02-15 14:03 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\rundll32.exe
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2007-05-09 04:20 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 04:20 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2007-05-09 04:20 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-09 04:20 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-11-07 08:26 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-11-07 08:26 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-06-29 16:12 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-11-07 08:26 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
- 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-07-29 04:37 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2006-02-16 17:03 . 2005-08-05 21:56 64512 c:\windows\system32\dllcache\ehtray.exe
- 2005-08-05 21:56 . 2005-08-05 21:56 64512 c:\windows\system32\dllcache\ehtray.exe
+ 2006-02-15 14:04 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\ctfmon.exe
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 16:12 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-12-15 03:12 . 2008-05-02 10:49 62976 c:\windows\system32\dllcache\cdrom.sys
+ 2006-02-15 14:02 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-08-10 20:40 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-10 20:40 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-08-10 20:40 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-08-10 20:40 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-08-29 19:55 . 2008-04-14 00:12 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-08-29 19:55 . 2008-04-14 00:12 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-08-29 19:55 . 2006-10-19 02:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
+ 2009-08-10 20:40 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-08-10 20:40 . 2008-04-14 00:11 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-08-29 19:55 . 2008-04-14 00:11 19968 c:\windows\system32\dllcache\cache\linkinfo.dll
+ 2009-08-10 20:40 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-08-10 20:40 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-08-29 19:55 . 2008-04-14 00:11 56320 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-29 19:55 . 2008-04-14 00:11 62464 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2009-08-29 19:55 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\cache\browser.dll
+ 2009-08-10 20:40 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-08-10 20:40 . 2004-08-10 12:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-02-15 14:02 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2006-02-16 10:18 . 2010-03-08 21:32 61952 c:\windows\system32\DLA\dlactrlw.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 96760 c:\windows\system32\dfshim.dll
- 2006-02-15 15:41 . 2009-08-10 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-02-15 15:41 . 2010-03-08 18:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-08-10 20:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-15 15:41 . 2010-03-08 18:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-15 14:02 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll
+ 2006-02-15 14:02 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2006-02-15 14:02 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 00:32 . 2008-07-30 00:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-30 01:11 . 2009-06-24 16:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-08 00:36 . 2009-06-24 16:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2006-02-15 15:34 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2006-02-15 15:34 . 2007-01-02 20:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2006-02-15 15:34 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2006-02-15 15:34 . 2007-01-02 20:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2006-02-15 15:34 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2006-02-15 15:34 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2006-02-15 15:34 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2006-02-15 15:34 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 02:07 . 2008-07-30 02:07 23040 c:\windows\Installer\19a4badc.msp
+ 2009-12-15 08:07 . 2009-12-15 08:07 88576 c:\windows\Installer\199cd878.msi
+ 2009-12-15 03:24 . 2009-12-15 03:24 45056 c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
+ 2009-11-25 08:03 . 2009-11-25 08:03 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-10-28 20:14 . 2009-10-28 20:14 22486 c:\windows\Installer\{BC467935-A9A5-4D0F-BD89-94F36CDF0524}\NewShortcut1_2DE3D622F2284BCA97CCD93B6F287D73.exe
+ 2009-10-28 20:05 . 2009-10-28 20:05 22534 c:\windows\Installer\{B74D4E10-6884-0000-0000-000000000103}\NewShortcut4_B74D4E10103300000000000000000001.exe
+ 2009-10-28 20:05 . 2009-10-28 20:05 65536 c:\windows\Installer\{B74D4E10-6884-0000-0000-000000000103}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe
+ 2009-10-28 20:05 . 2009-10-28 20:05 65536 c:\windows\Installer\{B74D4E10-6884-0000-0000-000000000103}\AdobeBridge_B74D4E10103300000000000000000001_1.exe
+ 2010-01-24 17:17 . 2010-01-24 17:17 77610 c:\windows\Installer\{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}\_6FEFF9B68218417F98F549.exe
+ 2009-12-15 03:21 . 2009-12-15 03:21 92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartupShortcut10.exe
+ 2009-12-15 03:21 . 2009-12-15 03:21 92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartMenu10_1.exe
+ 2009-12-15 03:21 . 2009-12-15 03:21 92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareDesktopShortcut10.exe
+ 2010-01-22 08:04 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-22 08:04 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-22 08:04 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-22 08:04 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-22 08:04 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-10 08:10 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-10 08:10 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-10 08:10 . 2009-08-28 10:28 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-10 08:10 . 2009-08-29 07:36 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-16 07:01 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-16 07:01 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-16 07:01 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-16 07:01 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-12-15 03:12 . 2008-05-02 10:49 62976 c:\windows\Driver Cache\i386\cdrom.sys
+ 2009-10-15 07:05 . 2009-10-15 07:05 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_84bc5841\System.Drawing.Design.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_afdbd04c\CustomMarshalers.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_b327a23c\System.Drawing.Design.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_2163946b\CustomMarshalers.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\da13039924f5f0bf870c98296e3b7aab\WiaProxy32.ni.exe
+ 2009-12-16 08:34 . 2009-12-16 08:34 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-12-15 08:29 . 2009-12-15 08:29 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-12-15 08:46 . 2009-12-15 08:46 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-12-15 08:37 . 2009-12-15 08:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-12-15 08:37 . 2009-12-15 08:37 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-12-16 08:22 . 2009-12-16 08:22 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-12-15 08:25 . 2009-12-15 08:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-12-15 08:23 . 2009-12-15 08:23 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-12-16 08:20 . 2009-12-16 08:20 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-12-15 08:35 . 2009-12-15 08:35 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\3567e9f972165d48ab1ca52739705122\Interop.WIA.ni.dll
+ 2009-12-15 08:35 . 2009-12-15 08:35 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-12-16 08:42 . 2009-12-16 08:42 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-12-16 08:41 . 2009-12-16 08:41 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-12-15 08:35 . 2009-12-15 08:35 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-12-15 03:20 . 2009-12-15 03:20 86016 c:\windows\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.5227.4054__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-12-15 08:11 . 2009-12-15 08:11 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-15 03:20 . 2009-12-15 03:20 38400 c:\windows\assembly\GAC_32\PeopleRecognition-Defs-PlatReq\1.1.5227.4054__b0cfd8589c27b05f\PeopleRecognition-Defs-PlatReq.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-11-25 08:05 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 08:05 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2009-10-15 07:05 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-12-10 08:12 . 2008-04-14 00:12 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-13 11:57 . 2009-07-29 04:37 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-12-10 08:12 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-10 08:12 . 2008-04-14 00:11 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2009-10-15 07:03 . 2007-12-17 12:00 66592 c:\windows\$NtUninstallKB953295$\togac.exe
+ 2009-10-15 07:03 . 2007-12-17 11:59 66592 c:\windows\$NtUninstallKB953295$\setregni.exe
+ 2009-10-15 07:03 . 2007-01-02 20:29 86016 c:\windows\$NtUninstallKB953295$\mscorld.dll
+ 2009-10-15 07:03 . 2007-01-02 20:29 73728 c:\windows\$NtUninstallKB953295$\mscorie.dll
+ 2009-10-15 07:03 . 2008-04-13 16:10 32768 c:\windows\$NtUninstallKB953295$\aspnet_wp.exe
+ 2009-10-15 07:03 . 2008-04-13 16:10 32768 c:\windows\$NtUninstallKB953295$\aspnet_state.exe
+ 2009-12-15 03:13 . 2008-04-13 18:40 62976 c:\windows\$NtUninstallKB932716-v2$\cdrom.sys
+ 2010-01-22 08:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978207-IE7\update\spcustom.dll
+ 2010-01-22 08:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978207-IE7\spmsg.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\pngfilt.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 52224 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeedsbs.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 27648 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\jsproxy.dll
+ 2010-01-01 06:55 . 2010-01-01 06:55 13824 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieudinit.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iernonce.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 78336 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieencode.dll
+ 2010-01-01 06:55 . 2010-01-01 06:55 70656 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ie4uinit.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 63488 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\icardie.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 17408 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\corpol.dll
+ 2009-11-05 08:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976749-IE7\update\spcustom.dll
+ 2009-11-05 08:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976749-IE7\spmsg.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE7\update\spcustom.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE7\spmsg.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\pngfilt.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 52224 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeedsbs.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 27648 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\jsproxy.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 13824 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieudinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iernonce.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 78336 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieencode.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 70656 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ie4uinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 63488 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\icardie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 17408 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\corpol.dll
+ 2009-10-15 07:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2009-10-15 07:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-10-15 07:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-10-15 07:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-10-16 07:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974455-IE7\update\spcustom.dll
+ 2009-10-16 07:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974455-IE7\spmsg.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\pngfilt.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 52224 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeedsbs.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 27648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\jsproxy.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 13824 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieudinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iernonce.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 78336 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieencode.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 70656 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ie4uinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 63488 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\icardie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 17408 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\corpol.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-12-10 08:11 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-10 08:11 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2009-11-25 08:05 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 08:05 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2010-01-13 11:57 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-01-13 11:57 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-01-13 11:49 . 2009-10-15 16:39 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2009-12-10 08:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-10 08:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2009-11-11 20:37 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-11 20:37 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2009-10-16 07:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-10-16 07:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2009-09-09 07:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-09 07:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2010-01-13 11:58 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-13 11:58 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-10-25 18:15 . 2009-10-25 18:15 5632 c:\windows\system32\pndx5032.dll
- 2006-02-16 09:56 . 2008-09-11 13:02 5632 c:\windows\system32\pndx5032.dll
- 2006-02-16 09:56 . 2008-09-11 13:02 6656 c:\windows\system32\pndx5016.dll
+ 2009-10-25 18:15 . 2009-10-25 18:15 6656 c:\windows\system32\pndx5016.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-08-10 20:40 . 2004-08-10 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-08-10 20:40 . 2004-08-10 12:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2008-07-30 04:40 . 2008-07-30 04:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2006-02-15 15:34 . 2007-01-02 20:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2006-02-15 15:34 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-15 03:21 . 2009-12-15 03:21 3072 c:\windows\assembly\GAC_32\policy.2.0.EastmanKodakCompany.EasyShare\2.0.5406.2521__e736f44e197b3380\policy.2.0.EastmanKodakCompany.EasyShare.dll
+ 2009-12-15 03:21 . 2009-12-15 03:21 3072 c:\windows\assembly\GAC_32\policy.1.0.EastmanKodakCompany.EasyShare\1.0.0.2__e736f44e197b3380\policy.1.0.EastmanKodakCompany.EasyShare.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-10-15 07:03 . 2007-01-02 20:29 8192 c:\windows\$NtUninstallKB953295$\ieexec.exe
+ 2009-12-16 08:14 . 2009-12-16 08:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 02:23 . 2007-11-07 02:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 03:14 . 2009-07-12 03:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2008-07-30 02:26 . 2008-07-30 02:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-12-15 08:09 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll
+ 2006-02-15 15:36 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll
+ 2006-02-15 14:05 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-02-15 14:04 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-06-19 02:43 . 2004-06-19 02:43 323624 c:\windows\system32\wiaaut.dll
+ 2006-02-15 14:04 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
- 2006-02-15 14:04 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2006-02-15 14:04 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
- 2006-02-15 14:04 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 161296 c:\windows\system32\UIAutomationCore.dll
- 2006-02-15 14:04 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
+ 2006-02-15 14:04 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2006-02-15 14:05 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2006-02-15 14:05 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-12-15 08:09 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2009-12-15 08:09 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
- 2006-02-15 14:03 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2006-02-15 14:03 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2009-10-25 18:15 . 2009-10-25 18:15 185920 c:\windows\system32\rmoc3260.dll
+ 2006-08-24 21:15 . 2006-08-24 21:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2006-02-15 14:03 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
- 2006-02-16 09:56 . 2008-09-11 13:02 278528 c:\windows\system32\pncrt.dll
+ 2006-02-16 09:56 . 2009-10-25 18:14 278528 c:\windows\system32\pncrt.dll
+ 2008-09-24 06:08 . 2008-05-28 07:13 425472 c:\windows\system32\photometadatahandler.dll
+ 2006-02-15 14:03 . 2009-12-16 08:16 443474 c:\windows\system32\perfh009.dat
+ 2006-02-15 14:03 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2006-02-15 14:03 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2006-02-15 14:03 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
- 2006-02-15 14:03 . 2009-06-25 08:25 136192 c:\windows\system32\msv1_0.dll
+ 2006-02-15 14:03 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2006-02-15 14:03 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
+ 2006-02-15 14:03 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2006-02-15 14:03 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 282112 c:\windows\system32\mscoree.dll
+ 2007-06-06 14:18 . 2007-06-06 14:18 196608 c:\windows\system32\KPDRES.DLL
+ 2007-06-06 14:38 . 2007-06-06 14:38 237568 c:\windows\system32\KPDPMUI.dll
+ 2007-06-06 14:38 . 2007-06-06 14:38 344064 c:\windows\system32\KPDPM.dll
- 2006-02-15 14:02 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2006-02-15 14:02 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2009-12-15 03:12 . 2008-05-02 13:25 465920 c:\windows\system32\imapi2fs.dll
+ 2009-12-15 03:12 . 2008-05-02 13:25 317952 c:\windows\system32\imapi2.dll
- 2006-10-17 16:57 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2006-10-17 16:57 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 16:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 16:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
- 2006-02-15 14:02 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2006-02-15 14:02 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 622080 c:\windows\system32\icardagt.exe
+ 2006-02-15 07:29 . 2009-12-15 12:34 164320 c:\windows\system32\FNTCACHE.DAT
- 2006-02-15 14:02 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 493048 c:\windows\system32\evr.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2009-12-15 03:24 . 2007-06-06 14:46 229376 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDVS.dll
+ 2009-12-15 03:24 . 2007-06-06 14:37 278528 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDUI.dll
+ 2009-12-15 03:24 . 2007-06-06 14:18 196608 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDRES.dll
+ 2009-12-15 03:24 . 2007-06-06 14:37 258048 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGDI.dll
+ 2006-02-15 14:03 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-03 23:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2009-12-15 08:09 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2006-02-15 15:36 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2006-02-15 15:36 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2006-02-15 14:05 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-08 02:03 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 02:03 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 17:05 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 17:05 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2009-09-09 06:20 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-07-29 04:37 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-16 12:37 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2009-12-15 08:09 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
- 2006-10-17 17:04 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2006-05-10 05:25 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 04:20 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 04:20 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-13 13:03 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-12-15 03:12 . 2008-05-02 13:25 465920 c:\windows\system32\dllcache\imapi2fs.dll
+ 2009-12-15 03:12 . 2008-05-02 13:25 317952 c:\windows\system32\dllcache\imapi2.dll
+ 2006-10-17 17:04 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 04:20 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 04:20 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-07 08:27 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:27 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 04:20 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-05-09 04:20 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-11-07 08:25 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 08:25 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:27 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:27 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:26 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 08:26 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2006-05-10 05:25 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:25 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:25 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-08-29 19:55 . 2008-04-14 00:12 129024 c:\windows\system32\dllcache\cache\xmlprov.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-08-10 20:40 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-08-29 19:55 . 2008-04-14 00:12 185856 c:\windows\system32\dllcache\cache\upnphost.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-08-10 20:40 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-08-29 19:55 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\cache\tapisrv.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-08-29 19:55 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\cache\shsvcs.dll
+ 2009-08-10 20:40 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-08-29 19:55 . 2008-04-14 00:12 192512 c:\windows\system32\dllcache\cache\schedsvc.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 181248 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-08-10 20:40 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 409088 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-08-10 20:40 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-08-29 19:55 . 2008-04-14 00:12 198144 c:\windows\system32\dllcache\cache\netman.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-08-10 20:40 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-08-29 19:55 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\cache\mswsock.dll
+ 2009-08-10 20:40 . 2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-08-10 20:40 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-08-10 20:40 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-08-29 19:55 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\cache\es.dll
+ 2009-08-10 20:40 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-08-10 20:40 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-08-10 20:40 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-08-10 20:40 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\cache\aec.sys
+ 2006-02-15 16:21 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2006-11-07 08:26 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-11-07 08:26 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-01-13 11:50 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2006-02-15 14:02 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 23:47 . 2008-07-29 23:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 23:47 . 2008-07-29 23:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 04:15 . 2008-07-30 04:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 04:40 . 2008-07-30 04:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 09:59 . 2008-11-25 09:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2006-02-15 15:34 . 2004-07-20 02:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2006-02-15 15:34 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2006-02-15 15:34 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2006-02-15 15:34 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2010-01-24 17:17 . 2010-01-24 17:17 480256 c:\windows\Installer\b3bb0c6.msi
+ 2009-11-11 20:26 . 2009-11-11 20:26 424448 c:\windows\Installer\434aa9e.msi
+ 2009-03-20 16:48 . 2009-03-20 16:48 183808 c:\windows\Installer\42d4176.msp
+ 2009-10-28 20:09 . 2009-10-28 20:09 228352 c:\windows\Installer\3e70230.msi
+ 2010-03-03 12:12 . 2010-03-03 12:12 802304 c:\windows\Installer\31e4d9b.msi
+ 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\19a70541.msp
+ 2009-12-15 08:13 . 2009-12-15 08:13 648192 c:\windows\Installer\19a7051e.msi
+ 2008-07-30 02:23 . 2008-07-30 02:23 250880 c:\windows\Installer\19a4bae5.msp
+ 2008-07-30 02:28 . 2008-07-30 02:28 278016 c:\windows\Installer\19a4bae3.msp
+ 2008-07-30 00:40 . 2008-07-30 00:40 291840 c:\windows\Installer\19a4bae1.msp
+ 2009-12-15 08:12 . 2009-12-15 08:12 137728 c:\windows\Installer\19a4badb.msi
+ 2008-07-29 22:35 . 2008-07-29 22:35 553472 c:\windows\Installer\199cd87d.msp
+ 2008-07-29 22:33 . 2008-07-29 22:33 506368 c:\windows\Installer\199cd87b.msp
+ 2008-07-29 22:37 . 2008-07-29 22:37 911360 c:\windows\Installer\199cd87a.msp
+ 2009-12-15 03:24 . 2009-12-15 03:24 202752 c:\windows\Installer\1892d8aa.msi
+ 2009-12-15 03:22 . 2009-12-15 03:22 295936 c:\windows\Installer\1892d899.msi
+ 2009-12-15 03:22 . 2009-12-15 03:22 370688 c:\windows\Installer\1892d894.msi
+ 2009-12-15 03:22 . 2009-12-15 03:22 404480 c:\windows\Installer\1892d88f.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 213504 c:\windows\Installer\1892d889.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 186368 c:\windows\Installer\1892d883.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 180736 c:\windows\Installer\1892d87e.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 180736 c:\windows\Installer\1892d879.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 396800 c:\windows\Installer\1892d874.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 548352 c:\windows\Installer\1892d86f.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 291840 c:\windows\Installer\1892d86a.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 357376 c:\windows\Installer\1892d865.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 291840 c:\windows\Installer\1892d860.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 182784 c:\windows\Installer\1892d85b.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 288768 c:\windows\Installer\1892d856.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 294912 c:\windows\Installer\1892d851.msi
+ 2009-11-25 08:03 . 2009-11-25 08:03 429568 c:\windows\Installer\12ccf3a0.msi
+ 2009-12-15 03:24 . 2009-12-15 03:24 135168 c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
+ 2010-03-03 12:12 . 2010-03-03 12:12 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2010-01-22 08:04 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-22 08:04 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-22 08:04 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-22 08:04 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-22 08:04 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-22 08:04 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-22 08:04 . 2006-11-08 02:03 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-22 08:04 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2009-11-05 08:04 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-05 08:04 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-12-10 08:10 . 2009-08-29 07:36 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-10 08:10 . 2009-08-29 07:36 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-10 08:10 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-10 08:10 . 2009-08-29 07:36 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-10 08:10 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-16 07:01 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-16 07:01 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-16 07:01 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-16 07:01 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-16 07:01 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-16 07:01 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2006-02-15 15:34 . 2009-08-18 14:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-12-15 08:09 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2008-11-13 13:03 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-10-15 07:05 . 2009-10-15 07:05 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e6a9f933\System.Drawing.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e3ea6bcf\System.Drawing.Design.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f51c1c39\CustomMarshalers.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_5888a201\System.Drawing.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-12-15 08:34 . 2009-12-15 08:34 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-12-16 08:37 . 2009-12-16 08:37 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-12-15 08:29 . 2009-12-15 08:29 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-12-15 08:29 . 2009-12-15 08:29 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-12-16 08:34 . 2009-12-16 08:34 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-12-16 08:34 . 2009-12-16 08:34 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-12-15 08:29 . 2009-12-15 08:29 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-12-16 08:45 . 2009-12-16 08:45 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-12-15 08:47 . 2009-12-15 08:47 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-12-15 08:44 . 2009-12-15 08:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll


+ 2009-12-15 08:43 . 2009-12-15 08:43 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-12-15 08:31 . 2009-12-15 08:31 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-12-16 08:41 . 2009-12-16 08:41 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-12-16 08:41 . 2009-12-16 08:41 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-12-15 08:31 . 2009-12-15 08:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-12-16 08:29 . 2009-12-16 08:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-12-15 08:27 . 2009-12-15 08:27 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-12-15 08:41 . 2009-12-15 08:41 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-12-15 08:37 . 2009-12-15 08:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-12-15 08:35 . 2009-12-15 08:35 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-12-15 08:37 . 2009-12-15 08:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-12-15 08:34 . 2009-12-15 08:34 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-12-15 08:34 . 2009-12-15 08:34 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-12-15 08:34 . 2009-12-15 08:34 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-12-15 08:26 . 2009-12-15 08:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-12-16 08:24 . 2009-12-16 08:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-12-16 08:24 . 2009-12-16 08:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-12-16 08:23 . 2009-12-16 08:23 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-12-16 08:23 . 2009-12-16 08:23 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 158208 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\ec479abdf0e3c808a733a71d92c43445\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 893440 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\a8645a19a0f7149c7f279414cad02913\PaintDotNet.SystemLayer.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 390144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\5c5ef342bca4332fd8f8596d618521a5\PaintDotNet.Resources.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 799744 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\b8eb9bc6fcc22140273b2d6a14dd8b23\PaintDotNet.Effects.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 657408 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\3c33043f07d88545bac79a3332ec54d6\PaintDotNet.Data.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 771072 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\a430fce2b91387459b24ed9077d9bd6c\PaintDotNet.Base.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-12-15 08:35 . 2009-12-15 08:35 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-12-16 08:42 . 2009-12-16 08:42 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-12-15 08:34 . 2009-12-15 08:34 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 518656 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\f73e92fa544b940a6f1849227fc33c54\ICSharpCode.SharpZipLib.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-12-15 08:34 . 2009-12-15 08:34 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-12-15 08:35 . 2009-12-15 08:35 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-12-16 08:41 . 2009-12-16 08:41 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-12-15 08:10 . 2009-12-15 08:10 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-12-15 08:10 . 2009-12-15 08:10 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-12-15 08:10 . 2009-12-15 08:10 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-12-15 08:10 . 2009-12-15 08:10 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-12-15 08:10 . 2009-12-15 08:10 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-12-15 03:20 . 2009-12-15 03:20 430080 c:\windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.0.5227.4054__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-12-16 08:14 . 2009-12-16 08:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-12-15 08:10 . 2009-12-15 08:10 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-12-15 03:21 . 2009-12-15 03:21 258048 c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\2.0.5406.2521__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2009-12-15 03:21 . 2009-12-15 03:21 282624 c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\1.0.2698.25402__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2006-02-15 14:01 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2009-11-25 08:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 08:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-10-15 07:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-10-15 07:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-10-15 07:01 . 2009-06-25 08:25 136192 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-10-15 07:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-10-15 07:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-12-10 08:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-10 08:09 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-10 08:09 . 2008-04-14 00:12 270336 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-10 08:12 . 2008-04-14 00:12 150016 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-10-16 07:02 . 2008-10-03 10:02 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-12-10 08:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-10 08:11 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-12-10 08:11 . 2004-05-03 03:13 115400 c:\windows\$NtUninstallKB973904$\msconv97.dll
+ 2009-09-09 07:02 . 2008-05-06 20:16 382840 c:\windows\$NtUninstallKB973768$\spuninst\updspapi.dll
+ 2009-09-09 07:02 . 2008-05-06 20:16 231288 c:\windows\$NtUninstallKB973768$\spuninst\spuninst.exe
+ 2009-09-09 07:02 . 2006-10-09 21:18 178176 c:\windows\$NtUninstallKB973768$\ehkeyctl.dll
+ 2009-11-25 08:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 08:05 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-10-15 07:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2010-01-13 11:57 . 2009-07-29 04:37 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-13 11:57 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-13 11:57 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-09-09 07:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2009-09-09 07:01 . 2008-05-09 10:53 512000 c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2009-12-10 08:09 . 2008-12-16 12:30 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-10 08:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-10 08:09 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-10-15 07:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2009-12-10 08:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-10 08:12 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-11-11 20:37 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-11 20:37 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-10-16 07:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-10-16 07:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-09-09 07:02 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-09 07:02 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-12-16 08:04 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB961118$\spuninst\updspapi.dll
+ 2009-12-16 08:04 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe
+ 2009-10-15 07:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-10-15 07:11 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2009-09-09 07:02 . 2008-04-14 00:12 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-09 07:02 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-09 07:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2010-01-13 11:57 . 2009-05-26 22:10 382840 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-13 11:57 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-13 11:57 . 2008-04-14 00:11 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2009-10-15 07:05 . 2006-10-19 02:47 603648 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-10-15 07:05 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-10-15 07:05 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2009-10-15 07:03 . 2009-04-13 17:42 371424 c:\windows\$NtUninstallKB953295$\spuninst\updspapi.dll
+ 2009-10-15 07:03 . 2009-04-13 17:42 213216 c:\windows\$NtUninstallKB953295$\spuninst\spuninst.exe
+ 2009-10-15 07:03 . 2004-07-20 02:54 303104 c:\windows\$NtUninstallKB953295$\mscorjit.dll
+ 2009-10-15 07:03 . 2008-04-13 16:09 200704 c:\windows\$NtUninstallKB953295$\aspnet_isapi.dll
+ 2009-12-15 03:15 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB945060-v3$\spuninst\updspapi.dll
+ 2009-12-15 03:15 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB945060-v3$\spuninst\spuninst.exe
+ 2009-12-15 03:15 . 2008-04-14 00:12 412160 c:\windows\$NtUninstallKB945060-v3$\photometadatahandler.dll
+ 2009-12-15 03:13 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB932716-v2$\spuninst\updspapi.dll
+ 2009-12-15 03:13 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB932716-v2$\spuninst\spuninst.exe
+ 2010-01-22 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978207-IE7\update\updspapi.dll
+ 2010-01-22 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978207-IE7\update\update.exe
+ 2010-01-22 08:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978207-IE7\spuninst.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 841216 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 233472 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\webcheck.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 105984 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\url.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 102912 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\occache.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 671232 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mstime.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msrating.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 477696 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtmled.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 459264 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeeds.dll
+ 2009-12-18 07:00 . 2009-12-18 07:00 634632 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 268288 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iertutil.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iepeers.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 388608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iedkcs32.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 380928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dll
+ 2009-12-18 06:58 . 2009-12-18 06:58 161792 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakui.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 230400 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieaksie.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 153088 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakeng.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 132608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\extmgr.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 214528 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtrans.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 347136 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtmsft.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 124928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\advpack.dll
+ 2009-11-05 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976749-IE7\update\updspapi.dll
+ 2009-11-05 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976749-IE7\update\update.exe
+ 2009-11-05 08:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976749-IE7\spuninst.exe
+ 2009-12-10 08:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE7\update\updspapi.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE7\update\update.exe
+ 2009-12-10 08:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE7\spuninst.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 841216 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 233472 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\webcheck.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 105984 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\url.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 102912 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\occache.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 671232 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mstime.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 193024 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msrating.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 477696 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtmled.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 459264 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeeds.dll
+ 2009-10-28 06:54 . 2009-10-28 06:54 634632 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 268288 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iertutil.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 388608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iedkcs32.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 380928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dll
+ 2009-10-28 06:52 . 2009-10-28 06:52 161792 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakui.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 230400 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieaksie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 153088 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakeng.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 132608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\extmgr.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 214528 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtrans.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 347136 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtmsft.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2009-10-15 07:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2009-10-15 07:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2009-10-15 07:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-10-16 07:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-10-15 07:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-10-15 07:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-10-15 07:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-10-16 07:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE7\update\updspapi.dll
+ 2009-10-16 07:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974455-IE7\update\update.exe
+ 2009-10-16 07:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974455-IE7\spuninst.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 840704 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 233472 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\webcheck.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 105984 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\url.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 102912 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\occache.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 671232 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mstime.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 193024 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msrating.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 477696 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtmled.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 459264 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeeds.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 634648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 268288 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iertutil.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 388608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iedkcs32.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 380928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 161792 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakui.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 230400 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieaksie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 153088 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakeng.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 132608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\extmgr.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 214528 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtrans.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 347136 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtmsft.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 124928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\advpack.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-10 08:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-10 08:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-10 08:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-10-16 07:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2009-10-16 07:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-12-10 08:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-10 08:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-10 08:11 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-10 02:43 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-11-25 08:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 08:05 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 08:05 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-10-15 07:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2009-10-15 07:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2010-01-13 11:57 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-01-13 11:57 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-01-13 11:57 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-01-13 11:49 . 2009-10-15 16:39 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-09 07:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2009-09-09 06:21 . 2009-08-13 15:02 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2009-12-10 08:09 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-10 08:09 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-10 08:09 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2009-10-15 07:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2009-10-15 07:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2009-12-10 08:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-10 08:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-10 08:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-11-11 20:37 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-11 20:37 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-11 20:37 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2009-10-16 07:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2009-10-16 07:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2009-10-16 07:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2009-09-09 07:02 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-09 07:02 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-09 07:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-09 06:20 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2010-01-13 11:58 . 2009-05-26 22:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-13 11:58 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-13 11:58 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-13 11:50 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2009-10-15 06:59 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2006-12-02 04:25 . 2006-12-02 04:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 04:25 . 2006-12-02 04:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2006-02-15 15:36 . 2009-08-06 23:23 1929952 c:\windows\system32\wuaueng.dll
- 2006-02-15 14:05 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2006-02-15 14:05 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
+ 2006-02-15 14:04 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2006-02-15 14:04 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-12-15 08:10 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-12-15 08:10 . 2008-07-06 22:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-12-15 08:10 . 2008-07-06 22:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
- 2006-02-15 14:03 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2006-02-15 14:03 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2006-02-15 14:03 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
- 2006-02-15 14:03 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
+ 2006-02-15 14:03 . 2009-12-08 19:26 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-12-08 18:43 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-24 06:07 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2006-02-15 14:03 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-02-15 14:03 . 2010-01-05 10:00 3599360 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-08 02:03 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2006-11-08 02:03 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
+ 2009-12-15 03:24 . 2007-06-06 14:57 2363392 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\xerces-c_2_7.dll
+ 2009-12-15 08:09 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2006-02-15 15:36 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2006-02-15 14:05 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-02-15 14:05 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-16 12:37 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:25 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 12:37 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 12:37 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 12:37 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:37 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:37 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:37 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 12:37 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-24 06:07 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-13 13:09 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-05-19 15:06 . 2010-01-05 10:00 3599360 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-09 04:20 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 04:20 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-08-10 20:40 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-08-10 20:40 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-10 20:40 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-08-10 20:40 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 23:47 . 2008-07-29 23:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-06 00:35 . 2008-12-06 00:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 01:12 . 2008-12-06 01:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 09:59 . 2008-11-25 09:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2006-02-15 15:34 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2006-02-15 15:34 . 2007-01-02 20:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2006-02-15 15:34 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2006-02-15 15:34 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2006-02-15 15:34 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2006-02-15 15:34 . 2009-06-24 02:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2006-02-15 15:34 . 2007-01-02 20:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2006-02-15 15:34 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-10-28 20:05 . 2009-10-28 20:05 2130432 c:\windows\Installer\3e7022b.msi
+ 2010-03-03 12:12 . 2010-03-03 12:12 3940352 c:\windows\Installer\31e4d96.msi
+ 2009-10-28 20:14 . 2009-10-28 20:14 1657856 c:\windows\Installer\21caa.msi
+ 2008-12-13 14:57 . 2008-12-13 14:57 8397824 c:\windows\Installer\19a7052c.msp
+ 2008-07-30 00:26 . 2008-07-30 00:26 1043456 c:\windows\Installer\19a4bae4.msp
+ 2008-07-30 01:37 . 2008-07-30 01:37 2679808 c:\windows\Installer\19a4bae2.msp
+ 2008-07-30 02:15 . 2008-07-30 02:15 3697664 c:\windows\Installer\19a4bae0.msp
+ 2008-07-30 00:34 . 2008-07-30 00:34 1448448 c:\windows\Installer\19a4badf.msp
+ 2008-07-30 01:22 . 2008-07-30 01:22 4137984 c:\windows\Installer\19a4bade.msp
+ 2008-07-30 00:18 . 2008-07-30 00:18 3376640 c:\windows\Installer\19a4badd.msp
+ 2008-07-29 22:45 . 2008-07-29 22:45 2543616 c:\windows\Installer\199cd881.msp
+ 2008-07-29 22:29 . 2008-07-29 22:29 2926080 c:\windows\Installer\199cd880.msp
+ 2008-07-29 22:41 . 2008-07-29 22:41 6487040 c:\windows\Installer\199cd87f.msp
+ 2008-07-29 22:39 . 2008-07-29 22:39 3403264 c:\windows\Installer\199cd87e.msp
+ 2008-07-29 22:43 . 2008-07-29 22:43 1013248 c:\windows\Installer\199cd87c.msp
+ 2008-07-29 22:31 . 2008-07-29 22:31 6083072 c:\windows\Installer\199cd879.msp
+ 2009-12-15 03:24 . 2009-12-15 03:24 1510912 c:\windows\Installer\1892d8a4.msi
+ 2009-12-15 03:22 . 2009-12-15 03:22 1922560 c:\windows\Installer\1892d89e.msi
+ 2009-12-15 03:21 . 2009-12-15 03:21 1021440 c:\windows\Installer\1892d84b.msi
+ 2010-01-22 08:04 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-22 08:04 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2009-11-05 08:04 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-10 08:10 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-10 08:10 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-10-16 07:01 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-16 07:01 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-16 07:01 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2008-10-16 12:37 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 12:37 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 12:37 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 12:37 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 12:37 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 12:37 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 12:37 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-15 07:05 . 2009-10-15 07:05 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b8bdd930\System.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_39516cc0\System.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_973d9e84\System.Xml.dll
+ 2009-10-15 07:06 . 2009-10-15 07:06 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4ddfeca3\System.Xml.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_95a79fd9\System.Windows.Forms.dll
+ 2009-10-15 07:06 . 2009-10-15 07:06 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_73fe0a38\System.Windows.Forms.dll
+ 2009-10-15 07:06 . 2009-10-15 07:06 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_db701f73\System.Drawing.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a97bb384\System.Design.dll
+ 2009-10-15 07:06 . 2009-10-15 07:06 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2cd4cbda\System.Design.dll
+ 2009-10-15 07:05 . 2009-10-15 07:05 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6109bba\mscorlib.dll
+ 2009-10-15 07:06 . 2009-10-15 07:06 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1107bd75\mscorlib.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_5ccddcf9\System.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_2bed5f04\System.Xml.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_33bec6ae\System.Windows.Forms.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_adeaa8a5\System.Design.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_1e858c23\mscorlib.dll
+ 2009-12-16 08:20 . 2009-12-16 08:20 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-12-15 08:24 . 2009-12-15 08:24 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-12-15 08:29 . 2009-12-15 08:29 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-12-16 08:34 . 2009-12-16 08:34 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 7599104 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP697.tmp\System.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-12-16 08:19 . 2009-12-16 08:19 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-12-15 08:29 . 2009-12-15 08:29 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-12-16 08:33 . 2009-12-16 08:33 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-12-16 08:45 . 2009-12-16 08:45 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-12-15 08:47 . 2009-12-15 08:47 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-12-15 08:46 . 2009-12-15 08:46 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-12-15 08:46 . 2009-12-15 08:46 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-12-15 08:46 . 2009-12-15 08:46 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-12-15 08:45 . 2009-12-15 08:45 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-12-16 08:30 . 2009-12-16 08:30 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-12-15 08:28 . 2009-12-15 08:28 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-12-16 08:41 . 2009-12-16 08:41 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-12-15 08:31 . 2009-12-15 08:31 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-12-16 08:30 . 2009-12-16 08:30 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-12-15 08:28 . 2009-12-15 08:28 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-12-16 08:41 . 2009-12-16 08:41 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-12-15 08:31 . 2009-12-15 08:31 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-12-16 08:29 . 2009-12-16 08:29 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-12-15 08:27 . 2009-12-15 08:27 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-12-16 08:26 . 2009-12-16 08:26 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-12-15 08:42 . 2009-12-15 08:42 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-12-16 08:27 . 2009-12-16 08:27 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-12-15 08:27 . 2009-12-15 08:27 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-12-16 08:43 . 2009-12-16 08:43 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-12-15 08:40 . 2009-12-15 08:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-12-16 08:25 . 2009-12-16 08:25 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-12-16 08:25 . 2009-12-16 08:25 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-12-16 08:24 . 2009-12-16 08:24 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-12-15 08:26 . 2009-12-15 08:26 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-12-16 08:19 . 2009-12-16 08:19 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2010-01-24 17:18 . 2010-01-24 17:18 3136000 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\bee7432ad896916e4c4e44e671aa9e4e\PaintDotNet.ni.exe
+ 2010-01-24 17:18 . 2010-01-24 17:18 1864192 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\a6d1f029c8ec66e4eee8a5fd5b2e6399\PaintDotNet.Core.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-12-15 08:37 . 2009-12-15 08:37 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-12-15 08:34 . 2009-12-15 08:34 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-12-15 08:43 . 2009-12-15 08:43 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-12-15 08:36 . 2009-12-15 08:36 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-12-15 08:35 . 2009-12-15 08:35 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-12-15 08:23 . 2009-12-15 08:23 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-12-15 08:22 . 2009-12-15 08:22 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-12-15 08:13 . 2009-12-15 08:13 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-12-15 08:22 . 2009-12-15 08:22 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-12-16 08:13 . 2009-12-16 08:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-12-15 08:11 . 2009-12-15 08:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-12-16 08:15 . 2009-12-16 08:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-11 15:26 . 2007-07-11 15:26 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-15 07:04 . 2009-10-15 07:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-15 07:04 . 2009-10-15 07:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 15:26 . 2007-07-11 15:26 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 07:03 . 2009-10-15 07:03 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-29 15:03 . 2008-09-29 15:03 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-29 15:14 . 2008-09-29 15:14 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-09-09 10:42 . 2009-09-09 10:42 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-11-25 08:05 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-25 08:05 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-10-15 07:03 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-10-15 07:03 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2009-10-15 07:03 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-10-15 07:03 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2009-11-11 20:37 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-10-16 07:02 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-09-09 07:02 . 2008-06-18 10:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2009-10-15 07:03 . 2007-01-02 20:40 1200128 c:\windows\$NtUninstallKB953295$\system.web.dll
+ 2009-10-15 07:03 . 2007-12-17 11:59 2281472 c:\windows\$NtUninstallKB953295$\mscorwks.dll
+ 2009-10-15 07:03 . 2007-12-17 11:58 2273280 c:\windows\$NtUninstallKB953295$\mscorsvr.dll
+ 2009-10-15 07:03 . 2007-01-02 20:21 1998848 c:\windows\$NtUninstallKB953295$\mscorlib.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 1170944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\urlmon.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 3602944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 6071296 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieframe.dll
+ 2010-01-21 18:12 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dat
+ 2009-10-21 03:59 . 2009-10-21 03:59 3602432 c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2009-12-10 02:44 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2009-08-29 07:31 . 2009-08-29 07:31 1170944 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\urlmon.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 3600384 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 6070784 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieframe.dll
+ 2009-10-15 06:59 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-25 02:39 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 02:39 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-10-15 06:59 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2009-10-15 06:59 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-04 22:47 . 2009-08-04 22:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2009-10-15 06:59 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2006-08-07 00:33 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\42d417f.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\231aa1b8.msp
+ 2008-12-13 15:21 . 2008-12-13 15:21 10473472 c:\windows\Installer\19a70536.msp
+ 2009-12-15 03:14 . 2009-12-15 03:14 26360320 c:\windows\Installer\1892d840.msi
+ 2009-12-16 08:32 . 2009-12-16 08:32 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-12-15 08:28 . 2009-12-15 08:28 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-12-16 08:44 . 2009-12-16 08:44 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-12-15 08:44 . 2009-12-15 08:44 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-12-15 08:33 . 2009-12-15 08:33 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-12-16 08:42 . 2009-12-16 08:42 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-12-15 08:27 . 2009-12-15 08:27 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-12-16 08:29 . 2009-12-16 08:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-12-15 08:25 . 2009-12-15 08:25 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-12-16 08:23 . 2009-12-16 08:23 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-12-15 08:25 . 2009-12-15 08:25 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-12-16 08:21 . 2009-12-16 08:22 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-12-16 08:18 . 2009-12-16 08:19 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2009-12-15 08:22 . 2009-12-15 08:22 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))).
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b152038f-0189-4a61-aadc-0158baafd487}]
2010-03-08 18:01 996864 --sha-w- c:\documents and settings\All Users\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-08 61952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2010-03-08 61952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2010-03-08 61952]
"BitTorrent"="c:\program files\bittorrent\bittorrent .exe" [2010-03-08 61952]
"BMUpdate"="c:\windows\system32\BMUpdate.exe" [2010-03-08 61952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-03-08 61952]
"b152038f-0189-4a6c-aadc-0158baafd487_26"="c:\documents and settings\Kris\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi" [2010-03-07 996864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]
"TFncKy"="TFncKy.exe" [2010-03-08 61952]
"TDispVol"="TDispVol.exe" [2010-03-08 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2010-03-08 61952]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-03-08 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-08 61952]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2010-03-08 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2010-03-07 61952]
"NDSTray.exe"="NDSTray.exe" [2010-03-07 61952]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-08 61952]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2010-03-08 61952]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2010-03-08 61952]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-08 61952]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-08 61952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-08 61952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2010-03-08 61952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2010-03-08 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-08 61952]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-08 61952]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-08 61952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 61952]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-08 61952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-03-08 61952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-08 61952]
"b152038f-0189-4a6c-aadc-0158baafd487_26"="c:\documents and settings\All Users\Application Data\b152038f-0189-4a6c-aadc-0158baafd487_26.avi" [2010-03-08 996864]

c:\documents and settings\Kris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
b152038f-0189-4a6c-aadc-0158baafd487_26.lnk - c:\windows\system32\rundll32.exe [2006-2-15 33280]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
b152038f-0189-4a6c-aadc-0158baafd487_26.lnk - c:\windows\system32\rundll32.exe [2006-2-15 33280]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2006-8-8 299008]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PowerReg Scheduler.exe [2007-12-10 246784]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\kris\local settings\application data\windows server\mlthnj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent .exe"=
"c:\\Program Files\\BitTorrent\\bittorrent .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"40348:TCP"= 40348:TCP:*:Disabled:SolidNetworkManager
"40348:UDP"= 40348:UDP:*:Disabled:SolidNetworkManager

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/29/2007 8:32 PM 646392]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Kris\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Kris\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [11/26/2006 11:16 AM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [11/26/2006 11:16 AM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [11/26/2006 11:16 AM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [11/26/2006 11:16 AM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [11/26/2006 11:16 AM 82864]
.
Contents of the 'Scheduled Tasks' folder

2006-08-05 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
FF - ProfilePath - c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Antimalware Defender - c:\program files\Antimalware Defender\Antimalware Defender.dll
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************.
Completion time: 2010-03-08 16:44:12
ComboFix-quarantined-files.txt 2010-03-08 21:44
ComboFix2.txt 2009-08-29 19:56
ComboFix3.txt 2009-08-10 20:41

Pre-Run: 41,763,975,168 bytes free
Post-Run: 41,729,826,816 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BC691DDA2B069B9FD143D96D638F5F8E

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 09 March 2010 - 06:03 AM


Hello ,

I would like to give you good news, but still some stuff there smile.gif

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
RenV::
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\BitTorrent\bittorrent   .exe
c:\program files\BitTorrent\bittorrent  .exe
c:\program files\BitTorrent\bittorrent .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\DAEMON Tools\daemon .exe
c:\program files\DNA\btdna .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\ltmoh\ltmoh .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Sony Ericsson\Mobile2\Application Launcher\application launcher .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\TOSHIBA Applet\thotkey .exe
c:\program files\TOSHIBA\TOSHIBA Zooming Utility\smoothview .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\DLA\dlactrlw .exe

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • Combofix.txt
  • MBAM log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#11 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 09 March 2010 - 06:24 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/9/2010 11:48:23 AM
mbam-log-2010-03-09 (11-48-23).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 253344
Time elapsed: 46 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP4\A0000419.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP4\A0000527.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000666.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000922.sys (Malware.Trace) -> Quarantined and deleted successfully.


#12 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 09 March 2010 - 06:25 PM

ComboFix 10-03-08.02 - Kris 03/09/2010 8:17.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.894 [GMT -5:00]
Running from: c:\documents and settings\Kris\Desktop\getusucka.exe
Command switches used :: c:\documents and settings\Kris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kris\agrsmmsg .exe
c:\documents and settings\Kris\cfsserv .exe
c:\documents and settings\Kris\ndstray .exe
c:\documents and settings\Kris\tdispvol .exe
c:\documents and settings\Kris\tfncky .exe
c:\documents and settings\Kris\tpsmain .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\bmupdate .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 13:09 . 2010-03-09 13:14 -------- d-----w- C:\getusucka12914g
2010-03-09 12:33 . 2010-03-09 12:33 -------- d-----w- C:\$AVG
2010-03-09 03:12 . 2010-03-09 03:12 -------- d-----w- c:\documents and settings\Kris\Local Settings\Application Data\AVG Security Toolbar
2010-03-09 03:10 . 2010-03-09 03:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-09 03:10 . 2010-03-09 03:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 03:10 . 2010-03-09 03:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 03:10 . 2010-03-09 03:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-09 03:09 . 2010-03-09 13:05 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-09 03:09 . 2010-03-09 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-08 23:24 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 23:24 . 2010-03-08 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 23:24 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 21:34 . 2010-03-08 21:44 -------- d-----w- C:\getusucka
2010-03-08 16:36 . 2010-03-09 13:15 61952 ----a-w- c:\documents and settings\Kris\cfsserv.exe
2010-03-08 16:35 . 2010-03-09 13:15 61952 ----a-w- c:\documents and settings\Kris\tpsmain.exe
2010-03-08 16:35 . 2010-03-09 13:15 61952 ----a-w- c:\documents and settings\Kris\ndstray.exe
2010-03-08 16:35 . 2010-03-09 13:15 61952 ----a-w- c:\documents and settings\Kris\agrsmmsg.exe
2010-03-08 16:35 . 2010-03-09 13:15 61952 ----a-w- c:\documents and settings\Kris\tdispvol.exe
2010-03-08 16:35 . 2010-03-09 13:15 61952 ----a-w- c:\documents and settings\Kris\tfncky.exe
2010-03-08 16:30 . 2010-02-26 16:33 545792 ----a-r- C:\OTLPE.exe
2010-03-08 16:29 . 2004-08-10 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2010-03-08 16:29 . 2010-03-08 16:29 -------- d-----w- C:\_OTL
2010-03-07 18:12 . 2010-03-07 18:12 61952 ----a-w- c:\windows\system32\cfsserv.exe
2010-03-07 18:12 . 2010-03-07 18:12 61952 ----a-w- c:\windows\system32\ndstray.exe
2010-03-07 18:12 . 2010-03-07 18:12 61952 ----a-w- c:\windows\system32\agrsmmsg.exe
2010-03-07 18:12 . 2010-03-08 18:01 61952 ----a-w- c:\windows\system32\tfncky.exe
2010-03-07 18:12 . 2010-03-08 16:29 -------- d-----w- c:\documents and settings\Kris\Local Settings\Application Data\Windows Server
2010-03-07 18:11 . 2010-03-07 18:11 -------- d-----w- c:\documents and settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1
2010-02-18 01:47 . 2010-03-09 12:44 0 ----a-w- c:\documents and settings\Kris\Local Settings\Application Data\prvlcl.dat
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\83078.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 13:26 . 2009-01-29 05:03 -------- d-----w- c:\program files\QuickTime
2010-03-09 13:26 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\igfxpers.exe
2010-03-09 13:26 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\hkcmd.exe
2010-03-09 13:26 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\igfxtray.exe
2010-03-09 13:26 . 2006-02-15 16:28 -------- d-----w- c:\program files\ltmoh
2010-03-09 13:26 . 2009-10-25 16:23 61952 ----a-w- c:\windows\system32\bmupdate.exe
2010-03-09 13:26 . 2008-05-11 01:48 -------- d-----w- c:\program files\BitTorrent
2010-03-09 13:26 . 2007-01-30 01:36 -------- d-----w- c:\program files\DAEMON Tools
2010-03-09 13:25 . 2008-05-11 01:48 -------- d-----w- c:\program files\DNA
2010-03-09 13:25 . 2008-05-11 01:48 -------- d-----w- c:\documents and settings\Kris\Application Data\DNA
2010-03-09 13:24 . 2009-12-15 03:25 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-03-09 13:16 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\igfxpers .exe
2010-03-09 13:16 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\hkcmd .exe
2010-03-09 13:16 . 2006-02-18 15:57 61952 ----a-w- c:\windows\system32\igfxtray .exe
2010-03-09 13:15 . 2010-03-08 16:36 61952 ----a-w- c:\documents and settings\Kris\cfsserv .exe
2010-03-09 13:15 . 2010-03-08 16:35 61952 ----a-w- c:\documents and settings\Kris\tpsmain .exe
2010-03-09 13:15 . 2010-03-08 16:35 61952 ----a-w- c:\documents and settings\Kris\ndstray .exe
2010-03-09 13:15 . 2010-03-08 16:35 61952 ----a-w- c:\documents and settings\Kris\agrsmmsg .exe
2010-03-09 13:15 . 2006-09-10 17:30 -------- d-----w- c:\documents and settings\Kris\Application Data\BitTorrent
2010-03-09 13:15 . 2010-03-08 16:35 61952 ----a-w- c:\documents and settings\Kris\tdispvol .exe
2010-03-09 13:15 . 2010-03-08 16:35 61952 ----a-w- c:\documents and settings\Kris\tfncky .exe
2010-03-09 13:15 . 2009-10-25 16:23 61952 ----a-w- c:\windows\system32\bmupdate .exe
2010-03-09 13:04 . 2009-11-11 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-09 12:44 . 2008-07-24 20:49 0 ----a-w- c:\documents and settings\Everyone_Except_Kris\Local Settings\Application Data\prvlcl.dat
2010-03-08 18:01 . 2006-02-25 04:28 61952 ----a-w- c:\windows\system32\tdispvol.exe
2010-03-07 18:12 . 2010-03-07 18:11 933888 ----a-w- c:\documents and settings\Kris\Application Data\C305B29925EA394F8D59D5328F1D40E1\dbf70700.exe
2010-03-04 12:30 . 2010-03-04 12:29 20829680 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-04 12:29 . 2010-03-04 12:29 8405312 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-04 12:29 . 2010-03-04 12:29 149000 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-04 12:29 . 2010-03-04 12:28 10309448 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-04 12:28 . 2010-03-04 12:28 283280 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-04 12:28 . 2010-03-04 12:28 181768 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-04 12:28 . 2010-03-04 12:28 79368 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-04 12:28 . 2010-03-04 12:28 64000 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-04 12:28 . 2010-03-04 12:28 52288 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-04 12:28 . 2010-03-04 12:28 50688 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-04 12:28 . 2010-03-04 12:28 49152 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-04 12:28 . 2010-03-04 12:28 118784 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-04 04:27 . 2010-03-04 04:27 439816 ----a-w- c:\documents and settings\Kris\Application Data\Real\Update\setup3.10\setup.exe
2010-03-03 12:11 . 2006-02-16 09:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 05:44 . 2009-10-28 19:40 -------- d-----w- c:\program files\AruaROSE
2010-02-04 23:46 . 2010-02-07 19:26 52224 ----a-w- c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 23:46 . 2010-02-07 19:26 101376 ----a-w- c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-24 17:17 . 2010-01-24 17:17 -------- d-----w- c:\program files\Paint.NET
2010-01-24 17:14 . 2006-02-16 16:59 35832 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 10:00 . 2006-02-15 14:04 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-02-15 14:02 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 03:11 . 2009-12-15 03:11 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
2009-12-15 03:11 . 2009-12-15 03:11 62976 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
2009-12-15 03:10 . 2009-12-15 03:10 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
2009-12-15 03:09 . 2009-12-15 03:09 30720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\netfw.exe
2009-12-15 03:09 . 2009-12-15 03:09 23510720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\dotnetfx.exe
2009-12-15 03:09 . 2009-12-15 03:09 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-12-15 03:08 . 2009-12-15 03:08 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_1890697f\EasyShrx.Dll
2009-12-15 03:06 . 2009-12-15 03:06 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.20.1.dll
2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\BitTorrent\bittorrent    .exe
c:\program files\BitTorrent\bittorrent   .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\DAEMON Tools\daemon .exe
c:\program files\DNA\btdna .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\ltmoh\ltmoh .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\Sony Ericsson\Mobile2\Application Launcher\application launcher .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\TOSHIBA Applet\thotkey .exe
c:\program files\TOSHIBA\TOSHIBA Zooming Utility\smoothview .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\bmupdate .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\DLA\dlactrlw .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-09 61952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2010-03-09 61952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2010-03-09 61952]
"BitTorrent"="c:\program files\bittorrent\bittorrent .exe" [2010-03-09 61952]
"BMUpdate"="c:\windows\system32\BMUpdate.exe" [2010-03-09 61952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-03-09 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]
"TFncKy"="TFncKy.exe" [2010-03-08 61952]
"TDispVol"="TDispVol.exe" [2010-03-08 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2010-03-09 61952]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-03-09 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-09 61952]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2010-03-09 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2010-03-07 61952]
"NDSTray.exe"="NDSTray.exe" [2010-03-07 61952]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-09 61952]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2010-03-09 61952]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2010-03-09 61952]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-09 61952]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-09 61952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-09 61952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2010-03-09 61952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2010-03-09 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-09 61952]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-09 61952]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-09 61952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 61952]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-09 61952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-03-09 61952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-09 61952]

c:\documents and settings\Kris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2006-8-8 299008]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PowerReg Scheduler.exe [2007-12-10 246784]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-09 03:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\kris\local settings\application data\windows server\mlthnj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent .exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"40348:TCP"= 40348:TCP:*:Disabled:SolidNetworkManager
"40348:UDP"= 40348:UDP:*:Disabled:SolidNetworkManager

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/29/2007 8:32 PM 646392]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2010 10:10 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2010 10:10 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/8/2010 10:09 PM 308064]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3/8/2010 10:09 PM 369920]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Kris\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Kris\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [11/26/2006 11:16 AM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [11/26/2006 11:16 AM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [11/26/2006 11:16 AM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [11/26/2006 11:16 AM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [11/26/2006 11:16 AM 82864]
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2010-03-09 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-09 13:27]

2006-08-05 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kris\Application Data\Mozilla\Firefox\Profiles\bmgbelag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 08:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\igfxpers .exe 61952 bytes executable
c:\windows\system32\igfxtray .exe 61952 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8A7B07B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf74bccb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7b0dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b1aa21
SendHandler -> NDIS.sys @ 0xf7af887b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TDispVol.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-03-09 08:30:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 13:30
ComboFix2.txt 2010-03-08 23:17
ComboFix3.txt 2010-03-08 21:44
ComboFix4.txt 2009-08-29 19:56
ComboFix5.txt 2010-03-09 13:16

Pre-Run: 41,333,305,344 bytes free
Post-Run: 41,322,016,768 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 444B6D311511465563F48B5E2DA6D0DB


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 10 March 2010 - 02:19 PM

Hello again,

Unfortunately still signs of multiple infections ohmy.gif
  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy paste the following bolded text in the run box
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it finished press any key to continue.
  • If needed reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.


QUOTE
Database version: 3510
Thats not up to date. Please update and run another quick scan.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#14 pcnovice78

pcnovice78
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 10 March 2010 - 04:12 PM

I think something kept me from updating Mbam, but I reinstalled it to my desktop and it updated ok and I ran it. i have that report and the other report as follows, thanks for all you have done and continue to do smile.gif


Malwarebytes' Anti-Malware 1.44
Database version: 3849
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/10/2010 3:33:23 PM
mbam-log-2010-03-10 (15-33-09).txt

Scan type: Quick Scan
Objects scanned: 154190
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 38

Memory Processes Infected:
C:\WINDOWS\system32\tfncky.exe (Malware.Packer.Gen) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\app_dll.dll (Trojan.Dropper) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmupdate (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\tdispvol.exe (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dla (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\TOSHIBA\IVP\ISM\pinger.exe (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pinger (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxhkcmd (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxpers (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\app_dll.dll (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\tfncky.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\bmupdate.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\tdispvol.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\agrsmmsg.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\ndstray.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\tpsmain.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\DLA\dlactrlw.exe (Malware.Packer.Gen) -> No action taken.
c:\TOSHIBA\IVP\ISM\pinger.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\cfsserv.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\igfxtray.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\hkcmd.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Internet Explorer\js.mui (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\agrsmmsg .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\app_dll.dll.796250.old (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\bmupdate .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\cfsserv .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\hkcmd .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\ndstray .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\tdispvol .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\tfncky .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\igfxpers .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\igfxtray .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\temp\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\Local Settings\temp\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\agrsmmsg .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\agrsmmsg.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\cfsserv .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\cfsserv.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\ndstray .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\ndstray.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\tdispvol .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\tdispvol.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\tfncky .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\tfncky.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\tpsmain .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Kris\tpsmain.exe (Malware.Packer.Gen) -> No action taken.




16:08:04:687 2584 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
16:08:04:687 2584 ================================================================================
16:08:04:687 2584 SystemInfo:

16:08:04:687 2584 OS Version: 5.1.2600 ServicePack: 3.0
16:08:04:687 2584 Product type: Workstation
16:08:04:687 2584 ComputerName: DREAM
16:08:04:687 2584 UserName: Kris
16:08:04:687 2584 Windows directory: C:\WINDOWS
16:08:04:687 2584 Processor architecture: Intel x86
16:08:04:687 2584 Number of processors: 2
16:08:04:687 2584 Page size: 0x1000
16:08:04:687 2584 Boot type: Normal boot
16:08:04:687 2584 ================================================================================
16:08:04:703 2584 UnloadDriverW: NtUnloadDriver error 2
16:08:04:703 2584 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:08:04:734 2584 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:08:04:734 2584 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:08:04:734 2584 wfopen_ex: Trying to KLMD file open
16:08:04:734 2584 wfopen_ex: File opened ok (Flags 2)
16:08:04:734 2584 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:08:04:750 2584 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:08:04:750 2584 wfopen_ex: Trying to KLMD file open
16:08:04:750 2584 wfopen_ex: File opened ok (Flags 2)
16:08:04:750 2584 Initialize success
16:08:04:750 2584
16:08:04:750 2584 Scanning Services ...
16:08:05:234 2584 GetAdvancedServicesInfo: Raw services enum returned 399 services
16:08:05:250 2584
16:08:05:250 2584 Scanning Kernel memory ...
16:08:05:250 2584 Devices to scan: 3
16:08:05:250 2584
16:08:05:250 2584 Driver Name: Disk
16:08:05:250 2584 IRP_MJ_CREATE : F766DBB0
16:08:05:250 2584 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
16:08:05:250 2584 IRP_MJ_CLOSE : F766DBB0
16:08:05:250 2584 IRP_MJ_READ : F7667D1F
16:08:05:250 2584 IRP_MJ_WRITE : F7667D1F
16:08:05:250 2584 IRP_MJ_QUERY_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_SET_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_QUERY_EA : 804F9759
16:08:05:250 2584 IRP_MJ_SET_EA : 804F9759
16:08:05:250 2584 IRP_MJ_FLUSH_BUFFERS : F76682E2
16:08:05:250 2584 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_DIRECTORY_CONTROL : 804F9759
16:08:05:250 2584 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
16:08:05:250 2584 IRP_MJ_DEVICE_CONTROL : F76683BB
16:08:05:250 2584 IRP_MJ_INTERNAL_DEVICE_CONTROL : F766BF28
16:08:05:250 2584 IRP_MJ_SHUTDOWN : F76682E2
16:08:05:250 2584 IRP_MJ_LOCK_CONTROL : 804F9759
16:08:05:250 2584 IRP_MJ_CLEANUP : 804F9759
16:08:05:250 2584 IRP_MJ_CREATE_MAILSLOT : 804F9759
16:08:05:250 2584 IRP_MJ_QUERY_SECURITY : 804F9759
16:08:05:250 2584 IRP_MJ_SET_SECURITY : 804F9759
16:08:05:250 2584 IRP_MJ_POWER : F7669C82
16:08:05:250 2584 IRP_MJ_SYSTEM_CONTROL : F766E99E
16:08:05:250 2584 IRP_MJ_DEVICE_CHANGE : 804F9759
16:08:05:250 2584 IRP_MJ_QUERY_QUOTA : 804F9759
16:08:05:250 2584 IRP_MJ_SET_QUOTA : 804F9759
16:08:05:250 2584 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:08:05:250 2584
16:08:05:250 2584 Driver Name: Disk
16:08:05:250 2584 IRP_MJ_CREATE : F766DBB0
16:08:05:250 2584 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
16:08:05:250 2584 IRP_MJ_CLOSE : F766DBB0
16:08:05:250 2584 IRP_MJ_READ : F7667D1F
16:08:05:250 2584 IRP_MJ_WRITE : F7667D1F
16:08:05:250 2584 IRP_MJ_QUERY_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_SET_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_QUERY_EA : 804F9759
16:08:05:250 2584 IRP_MJ_SET_EA : 804F9759
16:08:05:250 2584 IRP_MJ_FLUSH_BUFFERS : F76682E2
16:08:05:250 2584 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
16:08:05:250 2584 IRP_MJ_DIRECTORY_CONTROL : 804F9759
16:08:05:250 2584 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
16:08:05:250 2584 IRP_MJ_DEVICE_CONTROL : F76683BB
16:08:05:250 2584 IRP_MJ_INTERNAL_DEVICE_CONTROL : F766BF28
16:08:05:250 2584 IRP_MJ_SHUTDOWN : F76682E2
16:08:05:250 2584 IRP_MJ_LOCK_CONTROL : 804F9759
16:08:05:250 2584 IRP_MJ_CLEANUP : 804F9759
16:08:05:250 2584 IRP_MJ_CREATE_MAILSLOT : 804F9759
16:08:05:250 2584 IRP_MJ_QUERY_SECURITY : 804F9759
16:08:05:250 2584 IRP_MJ_SET_SECURITY : 804F9759
16:08:05:250 2584 IRP_MJ_POWER : F7669C82
16:08:05:250 2584 IRP_MJ_SYSTEM_CONTROL : F766E99E
16:08:05:250 2584 IRP_MJ_DEVICE_CHANGE : 804F9759
16:08:05:250 2584 IRP_MJ_QUERY_QUOTA : 804F9759
16:08:05:250 2584 IRP_MJ_SET_QUOTA : 804F9759
16:08:05:265 2584 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:08:05:265 2584
16:08:05:265 2584 Driver Name: atapi
16:08:05:265 2584 IRP_MJ_CREATE : F7978B40
16:08:05:265 2584 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
16:08:05:265 2584 IRP_MJ_CLOSE : F7978B40
16:08:05:265 2584 IRP_MJ_READ : 804F9759
16:08:05:265 2584 IRP_MJ_WRITE : 804F9759
16:08:05:265 2584 IRP_MJ_QUERY_INFORMATION : 804F9759
16:08:05:265 2584 IRP_MJ_SET_INFORMATION : 804F9759
16:08:05:265 2584 IRP_MJ_QUERY_EA : 804F9759
16:08:05:265 2584 IRP_MJ_SET_EA : 804F9759
16:08:05:265 2584 IRP_MJ_FLUSH_BUFFERS : 804F9759
16:08:05:265 2584 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
16:08:05:265 2584 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
16:08:05:265 2584 IRP_MJ_DIRECTORY_CONTROL : 804F9759
16:08:05:265 2584 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
16:08:05:265 2584 IRP_MJ_DEVICE_CONTROL : F7978B40
16:08:05:265 2584 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7978B40
16:08:05:265 2584 IRP_MJ_SHUTDOWN : 804F9759
16:08:05:265 2584 IRP_MJ_LOCK_CONTROL : 804F9759
16:08:05:265 2584 IRP_MJ_CLEANUP : 804F9759
16:08:05:265 2584 IRP_MJ_CREATE_MAILSLOT : 804F9759
16:08:05:265 2584 IRP_MJ_QUERY_SECURITY : 804F9759
16:08:05:265 2584 IRP_MJ_SET_SECURITY : 804F9759
16:08:05:265 2584 IRP_MJ_POWER : F7978B40
16:08:05:265 2584 IRP_MJ_SYSTEM_CONTROL : F7978B40
16:08:05:265 2584 IRP_MJ_DEVICE_CHANGE : 804F9759
16:08:05:265 2584 IRP_MJ_QUERY_QUOTA : 804F9759
16:08:05:265 2584 IRP_MJ_SET_QUOTA : 804F9759
16:08:05:265 2584 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
16:08:05:265 2584
16:08:05:265 2584 Completed
16:08:05:265 2584
16:08:05:265 2584 Results:
16:08:05:265 2584 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
16:08:05:265 2584 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:08:05:265 2584 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:08:05:265 2584
16:08:05:265 2584 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:08:05:265 2584 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:08:05:281 2584 KLMD(ARK) unloaded successfully



#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,576 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:40 AM

Posted 10 March 2010 - 04:37 PM

Did you delete all items found by MBAM?

Please re-run Combofix and post me the log (no script this time).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users