Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do I have a problem


  • Please log in to reply
24 replies to this topic

#1 Grandpasrt4

Grandpasrt4

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 23 June 2010 - 08:23 PM

Have seen this a few times (TR/Patched.Gen) during virus scans. Computer at times will freeze up and I will have to restart.

How does highjackthis look?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:17 PM, on 6/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1287
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146142995265
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://essilor-event.webex.com/client/T26L...ent/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.essilor.net/dana-cached/setup/J...perSetupSP1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7961 bytes

Edited by Orange Blossom, 23 June 2010 - 09:17 PM.
Move to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 29 June 2010 - 01:59 PM


Hello Grandpasrt4 smile.gif Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



In order to better assist you I will need the following:




Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop, post the DDS.txt in the reply window and attach the Attach.txt









  • If you have any CD emulation software such as Daemon or Alcohol please run the following before you run GMER. If you do not skip DeFogger and go right on to GMER. If you do use it let me know so we can reenable when we finish up.



    Disable:


    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers.
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.



    Disable your antivirus along with other security programs such as Windows Defender or TeaTimer before running the following. Instructions can be found Here.



    Download GMER Rootkit Scanner from here to your desktop.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



      Click the image to enlarge it


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    Save it where you can easily find it, such as your desktop, and post it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries




    If GMER does not want to run add the following to those that you unchecked and try it again:

    • Registry
    • Files












    Note: Please make only the Attach.txt from DDS an attachment, post the other logs directly into the reply window.



    Thanks,



    thewall



    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

    #3 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 24 July 2010 - 02:27 PM

    I forgot about this post. I am having problems with losing the internet at times. My daughter uses facebook and plays some farming game.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Compaq_Owner at 14:11:20.03 on Sat 07/24/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.364 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxcycoms.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\program files\common files\installshield\updateservice\issch.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\PK15GSHR\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyServer = http=127.0.0.1:1287
    uInternet Settings,ProxyOverride = <local>
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
    mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
    mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146142995265
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://essilor-event.webex.com/client/T26L/event/ieatgpc.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ssl.essilor.net/dana-cached/setup/JuniperSetupSP1.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-4 218592]
    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-11-1 6097]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-19 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-19 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-19 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-19 60936]
    R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
    S0 0efddae1ffd5d4a302cf444a5bd8deb6;0efddae1ffd5d4a302cf444a5bd8deb6;c:\windows\system32\0efddae1ffd5d4a302cf444a5bd8deb6.sys --> c:\windows\system32\0efddae1ffd5d4a302cf444a5bd8deb6.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 deaf;deaf;\??\c:\windows\system32\deaf.sys --> c:\windows\system32\deaf.sys [?]
    S2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys --> c:\windows\system32\drivers\A4SII300.SYS [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-11-1 299923]
    S4 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\spyware doctor\bdt\bdtupdateservice.exe" --> c:\program files\spyware doctor\bdt\BDTUpdateService.exe [?]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

    =============== Created Last 30 ================

    2010-07-22 14:16:24 0 d-sh--w- c:\documents and settings\compaq_owner\IECompatCache
    2010-07-22 14:14:47 0 d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
    2010-07-22 14:12:08 0 d-sh--w- c:\documents and settings\compaq_owner\IETldCache
    2010-07-22 14:08:19 0 d-----w- c:\windows\ie8updates
    2010-07-22 14:03:26 0 dc-h--w- c:\windows\ie8
    2010-07-22 14:03:07 0 d--h--w- c:\windows\msdownld.tmp
    2010-07-22 14:00:43 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-22 14:00:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-22 14:00:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-22 13:59:59 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-06-26 13:28:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-25 22:37:27 361940 ----a-w- C:\BdUninstallTool2010.06.25-05.37.27.reg

    ==================== Find3M ====================

    2010-06-19 02:07:11 38 ----a-w- C:\BdUninstallTool2010.06.18-09.06.20.reg
    2010-06-19 01:57:22 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
    2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys
    2010-04-26 20:58:12 256512 ----a-w- c:\windows\PEV.exe
    2003-08-05 17:41:44 53248 ----a-w- c:\windows\inf\ap561.exe
    2002-11-26 22:24:58 32768 ----a-w- c:\windows\inf\Remove561.exe
    2002-11-22 21:56:52 118784 ----a-w- c:\windows\inf\ShowBmp.exe
    2002-10-30 00:07:44 36864 ----a-w- c:\windows\inf\Setup8a.exe
    2002-10-01 20:43:32 119798 ----a-w- c:\windows\inf\spca561.sys
    2008-09-15 14:40:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 14:12:14.20 ===============

    Attached Files


    Edited by Grandpasrt4, 24 July 2010 - 02:31 PM.


    #4 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 24 July 2010 - 03:21 PM

    Could not run "Gmer". Tried to run it twice but it would freeze up my computer. I had to push the main power button to close.

    #5 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:11:54 AM

    Posted 24 July 2010 - 05:32 PM

    It would be helpful if we could get a GMER log. Try it one more time with only devices checked. If it still won't run then don't force the issue.
    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

    #6 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 24 July 2010 - 09:10 PM

    Tried 2 more times, but still freezes up during scan.

    #7 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:11:54 AM

    Posted 24 July 2010 - 09:54 PM

    Give RootRepeal a try. Also download RKill and run it right before you run RootRepeal.


    RKill by Grinler
    Link #1
    Link #2
    Link #3
    Link #4
    • Download Link #1.
    • Save it to your Desktop.
    • Double click the RKill desktop icon.
      If you are using Vista please right click and run as Admin!
    • A black screen will briefly flash indicating a successful run.
    • If this does not occur please delete that application and download Link #2.
    • Continue process until the tool runs.
    • If the tool does not run from any of the links tell me about it.





    We Need to check for Rootkits with RootRepeal
    1. Download RootRepeal from the following location and save it to your desktop.
    2. Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
    3. Open on your desktop.
    4. Click the tab.
    5. Click the button.
    6. Check all seven boxes:
    7. Push Ok
    8. Check the box for your main system drive (Usually C:), and press Ok.
    9. Allow RootRepeal to run a scan of your system. This may take some time.
    10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

    #8 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 25 July 2010 - 12:15 AM

    This worked

    ROOTREPEAL © AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/07/25 00:07
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF11B3000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7B0A000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xEE637000 Size: 49152 File Visible: No Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: c:\windows\temp\perflib_perfdata_22c.dat
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df1514.tmp
    Status: Allocation size mismatch (API: 24576, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df158.tmp
    Status: Allocation size mismatch (API: 32768, Raw: 16384)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df15a7.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df9dfb.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df3ad4.tmp
    Status: Allocation size mismatch (API: 131072, Raw: 16384)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df782e.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df8507.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~df85b1.tmp
    Status: Allocation size mismatch (API: 32768, Raw: 16384)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~dfef2b.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\compaq_owner\local settings\temp\~dff279.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "PCTCore.sys" at address 0xf72e5112

    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "PCTCore.sys" at address 0xf72c42d6

    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "PCTCore.sys" at address 0xf72c44c8

    #: 053 Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0xf7c3bfbc

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "PCTCore.sys" at address 0xf72e5900

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "PCTCore.sys" at address 0xf72e5bb4

    #: 098 Function Name: NtLoadKey
    Status: Hooked by "<unknown>" at address 0xf7c3bfda

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "PCTCore.sys" at address 0xf72e3e12

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0xf7c3bfa8

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "<unknown>" at address 0xf7c3bfad

    #: 192 Function Name: NtRenameKey
    Status: Hooked by "PCTCore.sys" at address 0xf72e6020

    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "<unknown>" at address 0xf7c3bfe4

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "<unknown>" at address 0xf7c3bfdf

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "PCTCore.sys" at address 0xf72e53d2

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf13cc620

    ==EOF==

    #9 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:11:54 AM

    Posted 25 July 2010 - 11:02 AM

    Run RKill once again right before running ComboFix.


    Please download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be found HERE
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.





    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

    #10 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 25 July 2010 - 11:28 AM

    ComboFix 10-07-24.03 - Compaq_Owner 07/25/2010 11:17:39.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.570 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://download.yimg.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
    .

    2010-07-25 11:13 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\in00000\setup.exe
    2010-07-25 02:04 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ar00000\install.exe
    2010-07-25 02:04 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe
    2010-07-25 01:23 . 2010-07-25 01:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-07-22 14:16 . 2010-07-22 14:16 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
    2010-07-22 14:14 . 2010-07-22 14:14 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
    2010-07-22 14:12 . 2010-07-22 14:12 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
    2010-07-22 14:08 . 2010-07-22 14:23 -------- d-----w- c:\windows\ie8updates
    2010-07-22 14:03 . 2010-07-22 14:06 -------- dc-h--w- c:\windows\ie8
    2010-07-22 14:03 . 2010-07-22 14:09 -------- d--h--w- c:\windows\msdownld.tmp
    2010-07-22 14:00 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-22 14:00 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-22 14:00 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-22 13:59 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-06-26 13:29 . 2010-06-26 13:29 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54e28b93-n\msvcp71.dll
    2010-06-26 13:29 . 2010-06-26 13:29 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54e28b93-n\jmc.dll
    2010-06-26 13:29 . 2010-06-26 13:29 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54e28b93-n\msvcr71.dll
    2010-06-26 13:29 . 2010-06-26 13:29 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47409e47-n\decora-sse.dll
    2010-06-26 13:29 . 2010-06-26 13:29 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47409e47-n\decora-d3d.dll
    2010-06-26 13:28 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-25 11:13 . 2008-10-08 16:19 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mjusbsp
    2010-07-25 02:04 . 2007-11-29 17:10 -------- d-----w- c:\program files\lx_cats
    2010-07-24 20:06 . 2010-06-05 23:00 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-24 19:43 . 2010-06-05 23:01 63488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-24 19:43 . 2010-06-05 23:01 117760 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-22 14:39 . 2009-11-30 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-07-04 18:29 . 2010-06-20 17:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\HpUpdate
    2010-07-01 15:20 . 2010-06-12 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-27 15:40 . 2009-03-03 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2010-06-26 13:29 . 2007-01-21 04:16 -------- d-----w- c:\program files\Common Files\Java
    2010-06-26 13:28 . 2007-01-21 04:17 -------- d-----w- c:\program files\Java
    2010-06-20 13:10 . 2010-06-20 13:10 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50ee9486-n\msvcr71.dll
    2010-06-20 13:10 . 2010-06-20 13:10 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50ee9486-n\msvcp71.dll
    2010-06-20 13:10 . 2010-06-20 13:10 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50ee9486-n\jmc.dll
    2010-06-19 14:30 . 2010-06-19 14:30 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira
    2010-06-19 14:21 . 2010-06-19 14:21 -------- d-----w- c:\program files\Avira
    2010-06-19 14:21 . 2010-06-19 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-06-19 07:02 . 2009-04-26 02:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-19 01:57 . 2009-05-10 22:48 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-06-16 16:12 . 2009-04-07 16:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-16 15:56 . 2010-06-13 16:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\v1Labs
    2010-06-16 13:11 . 2009-04-05 12:14 -------- d-----w- c:\program files\CCleaner
    2010-06-14 14:31 . 2004-08-04 12:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-13 16:38 . 2010-06-13 16:38 -------- d-----w- c:\program files\MySupport
    2010-06-13 05:11 . 2010-06-13 05:11 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-13 05:11 . 2010-06-13 05:11 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-13 05:11 . 2010-06-13 05:11 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-13 05:10 . 2010-06-13 05:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-06-12 15:15 . 2010-06-12 15:15 39304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-12 07:23 . 2010-06-12 07:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-12 01:17 . 2010-06-12 01:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
    2010-06-12 01:16 . 2010-06-12 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-12 00:48 . 2010-06-12 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
    2010-06-12 00:48 . 2009-07-27 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-12 00:48 . 2009-04-07 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-06-05 23:01 . 2010-06-05 23:01 52224 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-05 23:00 . 2010-06-05 23:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
    2010-06-05 23:00 . 2010-06-05 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-06-04 14:38 . 2010-06-04 14:32 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-06-04 14:32 . 2010-06-04 14:32 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PC Tools
    2010-06-04 14:32 . 2010-06-04 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-06-02 01:35 . 2007-12-05 16:27 -------- d-----w- c:\program files\Texas Holdem
    2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 20:39 . 2010-06-12 01:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-06-12 01:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-06-22_13.51.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-25 02:04 . 2010-07-25 02:04 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
    + 2005-12-13 10:26 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
    + 2007-02-12 15:05 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
    + 2010-06-12 00:44 . 2010-06-23 02:06 59072 c:\windows\system32\Restore\rstrlog.dat
    + 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
    + 2005-06-25 05:43 . 2010-06-23 15:35 71936 c:\windows\system32\perfc009.dat
    - 2005-06-25 05:43 . 2010-03-22 10:38 71936 c:\windows\system32\perfc009.dat
    + 2006-06-29 14:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
    - 2006-06-29 14:05 . 2006-06-29 14:05 23552 c:\windows\system32\normaliz.dll
    - 2006-06-28 23:59 . 2006-06-28 23:59 24576 c:\windows\system32\nlsdl.dll
    + 2006-06-28 23:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
    + 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\system32\mui\0409\mscorees.dll
    - 2004-08-04 12:00 . 2006-10-17 17:28 48128 c:\windows\system32\mshtmler.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
    - 2004-08-04 12:00 . 2006-10-17 17:56 45568 c:\windows\system32\mshta.exe
    + 2006-10-17 17:58 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
    + 2006-11-08 03:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 43008 c:\windows\system32\licmgr10.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
    + 2006-11-07 09:26 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
    + 2004-08-04 12:00 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
    + 2006-06-29 14:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
    - 2006-06-29 14:05 . 2006-06-29 14:05 26112 c:\windows\system32\idndl.dll
    + 2006-10-17 17:58 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
    - 2004-08-04 12:00 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
    + 2010-06-23 14:52 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
    + 2004-08-04 12:00 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
    - 2004-08-04 12:00 . 2006-10-17 17:28 48128 c:\windows\system32\dllcache\mshtmler.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2004-08-04 12:00 . 2006-10-17 17:56 45568 c:\windows\system32\dllcache\mshta.exe
    + 2004-08-04 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
    + 2007-05-08 23:41 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
    + 2007-05-08 23:41 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2007-05-08 23:41 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
    + 2004-08-04 12:00 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
    + 2007-08-20 10:04 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
    + 2004-08-04 12:00 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
    + 2010-06-23 14:52 . 2008-04-13 18:40 36352 c:\windows\system32\dllcache\disk.sys
    - 2004-08-04 12:00 . 2008-04-13 18:40 36352 c:\windows\system32\dllcache\disk.sys
    + 2004-08-04 12:00 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
    + 2004-08-04 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
    + 2004-08-04 12:00 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
    + 2004-08-04 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
    + 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2003-02-21 10:19 . 2003-02-21 10:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2010-07-22 14:08 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
    + 2010-07-22 14:08 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    + 2010-07-22 14:08 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    + 2010-07-22 14:05 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 44544 c:\windows\ie8\pngfilt.dll
    + 2010-07-22 14:03 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
    + 2010-07-22 14:03 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
    + 2010-07-22 14:03 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
    + 2010-07-22 14:03 . 2010-05-04 17:20 52224 c:\windows\ie8\msfeedsbs.dll
    + 2010-07-22 14:03 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 27648 c:\windows\ie8\jsproxy.dll
    + 2010-07-22 14:03 . 2006-11-07 09:26 92672 c:\windows\ie8\inseng.dll
    + 2010-07-22 14:03 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
    + 2010-07-22 14:03 . 2006-11-07 09:26 55296 c:\windows\ie8\iesetup.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 44544 c:\windows\ie8\iernonce.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 78336 c:\windows\ie8\ieencode.dll
    + 2010-07-22 14:03 . 2010-05-04 12:39 70656 c:\windows\ie8\ie4uinit.exe
    + 2010-07-22 14:03 . 2010-05-04 17:20 63488 c:\windows\ie8\icardie.dll
    + 2010-07-22 14:03 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 17408 c:\windows\ie8\corpol.dll
    + 2010-07-22 14:03 . 2006-11-07 09:26 71680 c:\windows\ie8\admparse.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
    + 2010-06-23 15:32 . 2010-03-10 13:18 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
    + 2010-06-23 15:32 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
    + 2010-06-23 15:32 . 2010-03-10 13:18 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
    + 2010-06-23 15:32 . 2010-03-11 12:38 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_147c3dbf\System.Drawing.Design.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a1fa652d\CustomMarshalers.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
    + 2010-06-23 15:29 . 2010-06-23 15:29 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
    + 2010-06-23 15:37 . 2010-06-23 15:37 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
    + 2010-06-23 15:28 . 2010-06-23 15:28 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
    + 2010-06-23 15:37 . 2010-06-23 15:37 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-08-09 00:22 . 2009-08-09 00:22 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2010-06-23 15:28 . 2010-06-23 15:28 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-23 15:23 . 2008-04-14 00:11 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
    + 2010-06-23 15:32 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
    + 2010-06-23 15:32 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 52224 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 27648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
    + 2010-05-04 13:19 . 2010-05-04 13:19 13824 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 78336 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
    + 2010-05-04 13:19 . 2010-05-04 13:19 70656 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 63488 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
    + 2010-05-04 17:19 . 2010-05-04 17:19 17408 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
    + 2010-06-23 15:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
    + 2010-06-23 15:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
    + 2010-06-23 15:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
    + 2010-06-23 15:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
    + 2010-06-23 15:31 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
    + 2010-06-23 15:31 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
    + 2010-06-23 15:23 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
    + 2010-06-23 15:23 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
    + 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
    + 2010-06-23 15:28 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
    + 2010-06-23 15:28 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2005-03-21 16:00 . 2005-03-21 16:00 4096 c:\windows\system32\sabprocenum.sys
    + 2010-07-22 14:08 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB982632-IE8\iecompat.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2006-11-21 16:09 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
    - 2006-11-21 16:09 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
    + 2006-10-17 18:05 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
    + 2004-08-04 12:00 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
    + 2004-08-04 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
    - 2004-08-04 12:00 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
    + 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
    + 2005-06-25 05:43 . 2010-06-23 15:35 442796 c:\windows\system32\perfh009.dat
    - 2005-06-25 05:43 . 2010-03-22 10:38 442796 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
    + 2004-08-04 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
    - 2004-08-04 12:00 . 2006-11-08 03:03 156160 c:\windows\system32\msls31.dll
    + 2006-11-08 03:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
    + 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
    + 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
    + 2004-08-04 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
    + 2010-06-26 13:28 . 2010-04-12 22:29 153376 c:\windows\system32\javaws.exe
    - 2009-08-10 00:04 . 2009-07-25 10:23 145184 c:\windows\system32\javaw.exe
    + 2010-06-26 13:28 . 2010-04-12 22:29 145184 c:\windows\system32\javaw.exe
    - 2009-08-10 00:04 . 2009-07-25 10:23 145184 c:\windows\system32\java.exe
    + 2010-06-26 13:28 . 2010-04-12 22:29 145184 c:\windows\system32\java.exe
    + 2006-11-08 03:03 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
    + 2006-10-17 17:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
    + 2004-08-04 12:00 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
    + 2004-08-04 12:00 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
    + 2004-08-04 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
    - 2005-06-25 05:42 . 2009-11-16 09:20 172280 c:\windows\system32\FNTCACHE.DAT
    + 2005-06-25 05:42 . 2010-06-23 15:39 172280 c:\windows\system32\FNTCACHE.DAT
    - 2004-08-04 12:00 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
    + 2004-08-04 12:00 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
    + 2004-08-04 12:00 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
    + 2004-08-04 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
    - 2004-08-04 12:00 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
    + 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
    + 2004-08-04 12:00 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
    + 2004-08-04 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
    - 2004-08-04 12:00 . 2006-11-08 03:03 156160 c:\windows\system32\dllcache\msls31.dll
    + 2007-05-08 23:41 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
    + 2004-08-04 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
    + 2004-08-04 12:00 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
    + 2004-08-04 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-05-08 23:41 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
    + 2004-08-04 12:00 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
    + 2004-08-04 12:00 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
    + 2004-08-04 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
    - 2004-08-04 12:00 . 2008-04-14 00:12 744448 c:\windows\system32\dllcache\helpsvc.exe
    + 2004-08-04 12:00 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
    - 2004-08-04 12:00 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2004-08-04 12:00 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
    + 2004-08-04 12:00 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
    - 2004-08-04 12:00 . 2008-04-14 00:09 285696 c:\windows\system32\dllcache\atmfd.dll
    + 2004-08-04 12:00 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
    + 2004-08-04 12:00 . 2010-04-20 05:30 285696 c:\windows\system32\atmfd.dll
    - 2004-08-04 12:00 . 2008-04-14 00:09 285696 c:\windows\system32\atmfd.dll
    + 2004-08-04 12:00 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
    + 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\c0a32.msp
    + 2010-06-27 20:56 . 2010-06-27 20:56 908288 c:\windows\Installer\9ed0f8b.msi
    + 2010-06-26 13:29 . 2010-06-26 13:29 180224 c:\windows\Installer\32c3d39.msi
    + 2010-06-27 20:56 . 2010-06-27 20:56 102400 c:\windows\Installer\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
    - 2010-04-17 23:28 . 2010-04-17 23:33 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
    + 2010-04-17 23:28 . 2010-06-30 15:44 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
    + 2010-07-22 14:08 . 2009-05-26 09:01 382840 c:\windows\ie8updates\KB982632-IE8\spuninst\updspapi.dll
    + 2010-07-22 14:08 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB982632-IE8\spuninst\spuninst.exe
    + 2010-07-22 14:08 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
    + 2010-07-22 14:08 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    + 2010-07-22 14:08 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2010-07-22 14:08 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
    + 2010-07-22 14:08 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    + 2010-07-22 14:08 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    + 2010-07-22 14:08 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
    + 2010-07-22 14:08 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
    + 2010-07-22 14:08 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    + 2010-07-22 14:08 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
    + 2010-07-22 14:08 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2010-07-22 14:23 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
    + 2010-07-22 14:23 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
    + 2010-07-22 14:23 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
    + 2010-07-22 14:22 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
    + 2010-07-22 14:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
    + 2010-07-22 14:22 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
    + 2010-07-22 14:22 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2010-07-22 14:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2010-07-22 14:22 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 832512 c:\windows\ie8\wininet.dll
    + 2010-07-22 14:03 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
    + 2010-07-22 14:03 . 2010-05-04 17:20 233472 c:\windows\ie8\webcheck.dll
    + 2010-07-22 14:03 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
    + 2010-07-22 14:03 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 105984 c:\windows\ie8\url.dll
    + 2010-07-22 14:05 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    + 2010-07-22 14:05 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    + 2010-07-22 14:03 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
    + 2010-07-22 14:03 . 2010-05-04 17:20 102912 c:\windows\ie8\occache.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 671232 c:\windows\ie8\mstime.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 193024 c:\windows\ie8\msrating.dll
    + 2010-07-22 14:03 . 2006-11-08 03:03 156160 c:\windows\ie8\msls31.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 477696 c:\windows\ie8\mshtmled.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 459264 c:\windows\ie8\msfeeds.dll
    + 2010-07-22 14:03 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
    + 2010-07-22 14:03 . 2010-04-16 11:43 634656 c:\windows\ie8\iexplore.exe
    + 2010-07-22 14:03 . 2006-11-08 03:03 180736 c:\windows\ie8\ieui.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 268288 c:\windows\ie8\iertutil.dll
    + 2010-07-22 14:03 . 2006-11-08 03:03 287744 c:\windows\ie8\ieproxy.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 192512 c:\windows\ie8\iepeers.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 385024 c:\windows\ie8\iedkcs32.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 380928 c:\windows\ie8\ieapfltr.dll
    + 2010-07-22 14:03 . 2010-04-16 11:43 161792 c:\windows\ie8\ieakui.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 230400 c:\windows\ie8\ieaksie.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 153088 c:\windows\ie8\ieakeng.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 214528 c:\windows\ie8\dxtrans.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 347136 c:\windows\ie8\dxtmsft.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 124928 c:\windows\ie8\advpack.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
    + 2010-06-23 15:32 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
    + 2010-06-23 15:32 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
    + 2010-06-23 15:32 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
    + 2010-06-23 15:32 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
    + 2010-06-23 15:32 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
    + 2010-06-23 15:32 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
    + 2009-05-14 20:41 . 2009-05-14 20:41 380144 c:\windows\Downloaded Program Files\sabspx.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_847516e1\System.Drawing.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_444c00f7\System.Drawing.Design.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4c9d270f\CustomMarshalers.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
    + 2010-06-23 15:43 . 2010-06-23 15:43 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
    + 2010-06-23 16:22 . 2010-06-23 16:22 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
    + 2010-06-23 15:33 . 2010-06-23 15:33 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
    + 2010-06-23 16:23 . 2010-06-23 16:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
    + 2010-06-23 15:31 . 2010-06-23 15:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
    + 2010-06-23 16:23 . 2010-06-23 16:23 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2010-06-23 16:22 . 2010-06-23 16:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
    + 2010-06-23 16:23 . 2010-06-23 16:23 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-23 15:28 . 2010-06-23 15:28 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-06-23 15:27 . 2010-06-23 15:27 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-06-23 15:27 . 2010-06-23 15:27 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2009-08-09 00:22 . 2009-08-09 00:22 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-06-23 15:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
    + 2010-06-23 15:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
    + 2010-06-23 15:17 . 2008-04-14 00:09 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
    + 2010-06-23 15:22 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
    + 2010-06-23 15:22 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
    + 2010-06-23 15:31 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
    + 2010-06-23 15:31 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
    + 2010-06-23 15:23 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
    + 2010-06-23 15:23 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
    + 2010-06-23 15:17 . 2007-07-28 04:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
    + 2010-06-23 15:17 . 2007-07-28 04:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
    + 2010-06-23 15:28 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
    + 2010-06-23 15:28 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
    + 2010-06-23 15:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982381-IE7\update\updspapi.dll
    + 2010-06-23 15:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982381-IE7\update\update.exe
    + 2010-06-23 15:32 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE7\spuninst.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 841216 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 233472 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\webcheck.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 105984 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\url.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 102912 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\occache.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 671232 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mstime.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 193024 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msrating.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 477696 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtmled.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 459264 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeeds.dll
    + 2010-04-16 11:08 . 2010-04-16 11:08 634648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 268288 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iertutil.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 193024 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iepeers.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 388608 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iedkcs32.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 380928 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dll
    + 2010-04-16 11:06 . 2010-04-16 11:06 161792 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakui.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 230400 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieaksie.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 153088 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakeng.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 132608 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\extmgr.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 214528 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtrans.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 347136 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtmsft.dll
    + 2010-05-04 17:19 . 2010-05-04 17:19 124928 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\advpack.dll
    + 2010-06-23 15:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
    + 2010-06-23 15:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
    + 2010-06-23 15:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
    + 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
    + 2010-06-23 15:22 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
    + 2010-06-23 15:22 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
    + 2010-06-23 15:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
    + 2010-06-23 15:31 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
    + 2010-06-23 15:31 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
    + 2010-06-23 15:31 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
    + 2010-06-23 15:23 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
    + 2010-06-23 15:23 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
    + 2010-06-23 15:23 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
    + 2010-06-23 15:28 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
    + 2010-06-23 15:28 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
    + 2010-06-23 15:28 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
    + 2004-08-04 12:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
    - 2004-08-04 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
    + 2004-08-04 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
    + 2006-10-17 17:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
    + 2006-09-06 05:01 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
    + 2004-08-04 12:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
    + 2004-08-04 12:00 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
    + 2004-08-04 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-04 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
    - 2004-08-04 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
    + 2004-08-04 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
    + 2007-05-08 23:41 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
    + 2007-05-08 23:41 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
    + 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
    + 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    + 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\c0a86.msp
    + 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\c0a5d.msp
    + 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\c0a5c.msp
    + 2010-06-17 08:25 . 2010-06-17 08:25 3906560 c:\windows\Installer\3c0e4.msp
    + 2010-07-22 14:08 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
    + 2010-07-22 14:08 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    + 2010-07-22 14:08 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 1168384 c:\windows\ie8\urlmon.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 3600384 c:\windows\ie8\mshtml.dll
    + 2010-07-22 14:03 . 2010-05-04 17:20 6067200 c:\windows\ie8\ieframe.dll
    + 2010-07-22 14:03 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
    + 2010-06-23 15:32 . 2010-03-11 12:38 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
    + 2010-06-23 15:32 . 2010-03-11 12:38 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
    + 2010-06-27 20:56 . 2010-06-27 20:56 1817600 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{6EDE20CD-178C-4D5C-A9D1-9B356B2E4EDD}\HP Update.msi
    + 2009-08-09 00:22 . 2009-08-09 00:22 1245184 c:\windows\assembly\temp\JW5EMV4DMV\WindowsBase.dll
    + 2009-08-10 00:59 . 2009-08-10 00:59 5283840 c:\windows\assembly\temp\3DLT19HPX5\PresentationFramework.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cef7ee24\System.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7ab1a740\System.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c672c465\System.Xml.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_353835a9\System.Xml.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ea04d325\System.Windows.Forms.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_403006a7\System.Windows.Forms.dll
    + 2010-06-23 15:25 . 2010-06-23 15:25 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e7e6a3e5\System.Drawing.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c02b1eb8\System.Design.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3d0bf372\System.Design.dll
    + 2010-06-23 15:25 . 2010-06-23 15:25 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f66826a6\mscorlib.dll
    + 2010-06-23 15:24 . 2010-06-23 15:24 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ae2e0262\mscorlib.dll
    + 2010-06-23 15:28 . 2010-06-23 15:28 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
    + 2010-06-23 15:37 . 2010-06-23 15:37 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
    + 2010-06-23 15:28 . 2010-06-23 15:28 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
    + 2010-06-23 16:22 . 2010-06-23 16:22 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
    + 2010-06-23 16:22 . 2010-06-23 16:22 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
    + 2010-06-23 15:33 . 2010-06-23 15:33 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
    + 2010-06-23 15:32 . 2010-06-23 15:32 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
    + 2010-06-23 15:31 . 2010-06-23 15:31 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
    + 2010-06-23 15:28 . 2010-06-23 15:28 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
    + 2010-06-23 16:24 . 2010-06-23 16:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
    + 2010-06-23 16:23 . 2010-06-23 16:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
    + 2010-06-23 15:36 . 2010-06-23 15:36 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-06-23 15:28 . 2010-06-23 15:28 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2010-06-23 15:36 . 2010-06-23 15:36 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-10-19 08:09 . 2009-10-19 08:09 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-08-09 00:22 . 2009-08-09 00:22 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2010-06-23 15:36 . 2010-06-23 15:36 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2009-10-19 08:10 . 2009-10-19 08:10 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-06-23 15:35 . 2010-06-23 15:35 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2009-10-19 08:02 . 2009-10-19 08:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2010-06-23 15:23 . 2010-06-23 15:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-10-19 08:02 . 2009-10-19 08:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-06-23 15:31 . 2009-08-14 13:21 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
    + 2010-06-23 15:17 . 2009-05-20 09:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
    + 2010-06-23 15:28 . 2009-11-27 17:11 1291776 c:\windows\$NtUninstallKB975562$\quartz.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 1171968 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\urlmon.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 3603456 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 6071296 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieframe.dll
    + 2010-06-22 18:26 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dat
    + 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
    + 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
    + 2006-04-27 13:01 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
    + 2006-11-08 03:03 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
    + 2007-05-08 23:41 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
    + 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
    + 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\c0a93.msp
    + 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\c0a6c.msp
    + 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\c0a51.msp
    + 2010-07-22 14:08 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
    + 2010-06-23 15:43 . 2010-06-23 15:43 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
    + 2010-06-23 16:25 . 2010-06-23 16:25 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
    + 2010-06-23 16:22 . 2010-06-23 16:22 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
    + 2010-06-23 15:33 . 2010-06-23 15:33 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
    + 2010-06-23 15:30 . 2010-06-23 15:30 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
    + 2010-06-23 15:42 . 2010-06-23 15:42 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
    + 2010-06-23 15:29 . 2010-06-23 15:29 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
    + 2010-06-23 15:37 . 2010-06-23 15:37 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-24 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-13 180269]
    "lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
    "EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
    "LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-28 221184]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-13 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/4/2010 9:32 AM 218592]
    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [11/1/2006 12:11 PM 6097]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/19/2010 9:21 AM 135336]
    R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
    S0 0efddae1ffd5d4a302cf444a5bd8deb6;0efddae1ffd5d4a302cf444a5bd8deb6;c:\windows\system32\0efddae1ffd5d4a302cf444a5bd8deb6.sys --> c:\windows\system32\0efddae1ffd5d4a302cf444a5bd8deb6.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 deaf;deaf;\??\c:\windows\system32\deaf.sys --> c:\windows\system32\deaf.sys [?]
    S2 A4SII300;A4SII300;c:\windows\system32\drivers\A4SII300.SYS --> c:\windows\system32\drivers\A4SII300.SYS [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [11/1/2006 12:11 PM 299923]
    S4 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyServer = http=127.0.0.1:1287
    uInternet Settings,ProxyOverride = <local>
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-25 11:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(772)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-25 11:25:39
    ComboFix-quarantined-files.txt 2010-07-25 16:25
    ComboFix2.txt 2010-06-22 13:54

    Pre-Run: 71,501,303,808 bytes free
    Post-Run: 71,577,751,552 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B4E4C860EC72F3084CF23F0BC42F7A3C


    #11 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:11:54 AM

    Posted 25 July 2010 - 11:57 AM

    Do you know what the following belongs to? It is a service showing as stopped but I would still like to have an idea what it is so I can eliminate it as an source of problems.


    S0 0efddae1ffd5d4a302cf444a5bd8deb6;0efddae1ffd5d4a302cf444a5bd8deb6;



    Also give me a rundown on any problems you are experiencing now.
    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

    #12 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 25 July 2010 - 12:10 PM

    QUOTE(thewall @ Jul 25 2010, 11:57 AM) View Post
    Do you know what the following belongs to? It is a service showing as stopped but I would still like to have an idea what it is so I can eliminate it as an source of problems.


    S0 0efddae1ffd5d4a302cf444a5bd8deb6;0efddae1ffd5d4a302cf444a5bd8deb6;



    Also give me a rundown on any problems you are experiencing now.



    Not sure, but I do have "magic jack" as my land line phone.

    Right now everything seems to be running good. My daughter was on "face book" earlier and the internet connection has not went down. Will have to wait and see if it disconnects.

    What is the proper way to delete "combofix"?

    Thanks for your help.

    #13 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:11:54 AM

    Posted 25 July 2010 - 12:42 PM

    I'll give you the instructions for removing ComboFix right before we finish up but let's not do that yet. First I need for you to run a scan.


    It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:



    Please perform a scan with Kaspersky Online Virus Scanner.
    -- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
    -- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
    • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
    • Read the "Advantages - Requirements and Limitations" then press the ... button.
    • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
    • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
    • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
      • Detect malicious programs of the following categories:
        Viruses, Worms, Trojan Horses, Rootkits
        Spyware, Adware, Dialers and other potentially dangerous programs
      • Scan compound files (doesn't apply to the File scan area):
        Archives
        Mail databases
    • Click on My Computer under the Scan section. OK any warnings from your protection programs.
    • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
    • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
    • Click on Save Report As... and change the Files of type to Text file (.txt)
    • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
    • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
    -- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

    #14 Grandpasrt4

    Grandpasrt4
    • Topic Starter

    • Members
    • 16 posts
    • OFFLINE
    •  
    • Local time:10:54 AM

    Posted 25 July 2010 - 01:00 PM

    I update java, but I still get this error.
    I have Avira antivirus, malwarebytes, superantivirus professional.
    I disabled Avira and still get this message.



    #15 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:11:54 AM

    Posted 25 July 2010 - 01:20 PM

    Are you still losing your internet connections?
    If I have helped you then please consider donating so I can continue the fight against malware Posted Image
    All donations go directly to the helper

    Posted Image

    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you




    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users