
Browser redirect problems


7 replies to this topic

#1 tawilliams


Posted 07 July 2011 - 11:09 AM

I am having some issues with browser redirects when I click on search results from Google. I have run Malwarebytes (fully updated) as well as HitmanPro 3.5, and neither finds any problems. I have attached the GMER and OTL logs.

GMER Log


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-07 10:45:24
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34
Running: gmer.exe; Driver: C:\DOCUME~1\WELLS\LOCALS~1\Temp\agrcypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79944D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF7994520]

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F751FBD0 4 Bytes [40, A3, 53, 80]
INITc VolSnap.sys F751FBF8 4 Bytes [82, A1, 4F, 80]
INITc VolSnap.sys F751FC20 4 Bytes [80, AE, 4F, 80]
INITc VolSnap.sys F751FC49 3 Bytes [FF, 4F, 80] {DEC DWORD [EDI-0x80]}
INITc VolSnap.sys F751FC70 4 Bytes [44, A8, 4F, 80]
INITc ...
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF2A5CA00]
? C:\DOCUME~1\WELLS\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 00B06811
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06A1C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1556] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 00B06811
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06A1C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2104] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C2000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2708] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2708] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3768] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3768] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0079000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3768] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0075000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3768] WS2_32.dll!send 71AB428A 5 Bytes JMP 0077000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3768] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 0078000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3768] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0076000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:124] 85ED5E7A
Thread System [4:128] 85ED8008

---- EOF - GMER 1.0.15 ----

OTL Log

OTL logfile created on: 7/7/2011 10:55:20 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\WELLS\Desktop\Malware removal
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 308.02 Mb Available Physical Memory | 31.12% Memory free
2.33 Gb Paging File | 1.65 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 51.98 Gb Free Space | 69.81% Space Free | Partition Type: NTFS
Drive F: | 74.31 Gb Total Space | 60.39 Gb Free Space | 81.27% Space Free | Partition Type: FAT32
Drive J: | 465.76 Gb Total Space | 223.62 Gb Free Space | 48.01% Space Free | Partition Type: NTFS
Drive K: | 930.50 Gb Total Space | 788.57 Gb Free Space | 84.75% Space Free | Partition Type: NTFS
Drive Y: | 930.50 Gb Total Space | 788.57 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: ADMIN_OFFICE | User Name: WELLS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\WELLS\Desktop\Malware removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\WELLS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\EagleSoft\Shared Files\esinetconnect.exe (Patterson Companies, Inc.)
PRC - C:\Program Files\Barracuda\Yosemite Server Backup\win\x86\ytwinsdr.exe (Barracuda Networks, Inc.)
PRC - C:\Program Files\Barracuda\Yosemite Server Backup\win\x86\ytwingqa.exe (Barracuda Networks, Inc.)
PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Brownie\BRNIPMON.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\WELLS\Desktop\Malware removal\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sunbelt Software\SBEAgent\oehook.dll (Nektra S.A.)
MOD - C:\WINDOWS\system32\vbscript.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sxs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemcomn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemprox.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
SRV - (ESCameraService) -- C:\EagleSoft\Shared Files\ESCameraService.exe ()
SRV - (YTBackup) -- C:\Program Files\Barracuda\Yosemite Server Backup\win\x86\ytwinsdr.exe (Barracuda Networks, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SBFWIMCLMP) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (atiide) -- C:\WINDOWS\system32\DRIVERS\atiide.sys (ATI Technologies Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (VistaRayScanner) -- C:\WINDOWS\system32\drivers\VistaRayScanner-EPP.sys (Air Techniques)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070214

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: 3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c602554&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/28 17:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 16:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/13 17:14:52 | 000,000,000 | ---D | M]

[2008/10/06 08:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WELLS\Application Data\Mozilla\Extensions
[2011/04/08 09:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WELLS\Application Data\Mozilla\Firefox\Profiles\umalvr29.default\extensions
[2010/08/09 11:09:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WELLS\Application Data\Mozilla\Firefox\Profiles\umalvr29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/13 17:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/04/21 08:43:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/06 16:23:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/04/08 11:27:15 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/04/08 11:27:16 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/04/08 11:27:23 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/04/08 11:27:10 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/08/06 08:38:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ESInetConnect] C:\EagleSoft\Shared Files\esinetconnect.exe (Patterson Companies, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Yosemite Server Backup Quick Access.lnk = C:\Program Files\Barracuda\Yosemite Server Backup\win\x86\ytwingqa.exe (Barracuda Networks, Inc.)
O4 - Startup: C:\Documents and Settings\WELLS\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\WELLS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (isInstalled Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pattersonsupport.webex.com/client/T27L10NSP21/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.150.23 205.152.132.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WELLS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WELLS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 09:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WELLS\Desktop\Malware removal
[2011/06/22 21:46:30 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll
[2011/06/13 17:26:25 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\WELLS\My Documents\Firefox Setup 4.0.1.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 10:15:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 09:15:37 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/07 08:52:11 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\HiJackThis.lnk
[2011/07/06 18:27:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 18:21:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1055808576-3399974807-1218163315-1006.job
[2011/07/06 18:21:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1055808576-3399974807-1218163315-1006.job
[2011/07/06 16:41:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\Microsoft Word.lnk
[2011/07/06 16:20:26 | 000,010,811 | ---- | M] () -- C:\WINDOWS\System32\ESDictionary.dic
[2011/07/06 12:15:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/06 11:18:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 11:17:09 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/07/06 11:16:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 10:12:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/06 10:11:59 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 09:34:45 | 000,046,228 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\radio_exam.jpg
[2011/07/06 09:31:35 | 000,111,767 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\0_Pan.jpg
[2011/06/29 17:20:57 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/27 17:04:59 | 000,153,386 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\Shaun Inman 6-27-11.JPG
[2011/06/27 12:43:53 | 000,049,958 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\Carol Hendry 9-22-10.JPG
[2011/06/23 16:52:21 | 000,010,811 | ---- | M] () -- C:\WINDOWS\System32\ESDictionary.cud
[2011/06/23 13:51:09 | 000,046,783 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\Jacqueline Batdorf 5-25-11.JPG
[2011/06/23 13:51:09 | 000,006,398 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\Jacqueline Batdorf letter.pdf
[2011/06/22 21:46:30 | 000,134,464 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll
[2011/06/16 14:19:56 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/06/16 14:19:52 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/06/16 14:19:51 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/06/15 14:41:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/06/14 09:44:45 | 000,467,496 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/14 09:44:45 | 000,078,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/13 17:30:35 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\EagleSoftEventLog.evt
[2011/06/13 17:26:45 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WELLS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/13 17:26:45 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/13 17:26:25 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\WELLS\My Documents\Firefox Setup 4.0.1.exe
[2011/06/09 14:39:51 | 000,000,445 | ---- | M] () -- C:\Documents and Settings\WELLS\Desktop\Shortcut to JAIME.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 11:29:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 09:34:45 | 000,046,228 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\radio_exam.jpg
[2011/07/06 09:31:35 | 000,111,767 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\0_Pan.jpg
[2011/06/27 17:04:59 | 000,153,386 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\Shaun Inman 6-27-11.JPG
[2011/06/27 12:43:53 | 000,049,958 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\Carol Hendry 9-22-10.JPG
[2011/06/23 13:51:09 | 000,046,783 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\Jacqueline Batdorf 5-25-11.JPG
[2011/06/23 13:51:09 | 000,006,398 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\Jacqueline Batdorf letter.pdf
[2011/06/13 17:26:45 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WELLS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/13 17:26:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/13 17:26:45 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/09 14:39:51 | 000,000,445 | ---- | C] () -- C:\Documents and Settings\WELLS\Desktop\Shortcut to JAIME.lnk
[2011/06/06 16:15:03 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17817380r
[2011/06/06 16:15:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17817380
[2011/06/06 16:14:58 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17817380
[2011/05/09 14:14:43 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/25 16:12:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PadCom8810Serial.dll
[2011/03/25 16:12:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/09/20 16:32:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\WELLS\Local Settings\Application Data\prvlcl.dat
[2010/08/12 03:02:20 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/06 08:29:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/06 08:29:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/06 08:29:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/06 08:29:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/06 08:29:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/26 08:29:16 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xtajuraqila.dat
[2010/07/26 08:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xkiyunane.bin
[2010/02/23 15:42:40 | 001,428,480 | ---- | C] () -- C:\WINDOWS\System32\XCTransaction2.dll
[2009/10/13 09:19:19 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/10/13 09:19:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/10/13 09:18:55 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/10/13 09:18:54 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/10/13 09:18:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2009/10/13 09:18:49 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2009/10/13 09:18:05 | 000,000,320 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/04/13 10:43:33 | 000,110,389 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/04/13 10:43:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/04/13 10:42:56 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2008/10/06 08:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/24 11:44:17 | 000,004,748 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2007/10/01 17:39:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SDInstall.dll
[2007/10/01 17:39:47 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\PWEventMessage.dll
[2007/02/23 14:10:35 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2007/02/23 14:10:35 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2007/02/23 14:06:00 | 000,004,436 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2007/02/23 14:03:36 | 000,000,107 | ---- | C] () -- C:\WINDOWS\odbcisam.ini
[2007/02/23 14:03:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\dbbrowse.ini
[2007/02/23 14:03:27 | 000,023,989 | ---- | C] () -- C:\WINDOWS\Exact.ini
[2007/02/23 12:28:34 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\WELLS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/23 12:04:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\WELLS\Local Settings\Application Data\fusioncache.dat
[2007/02/14 23:34:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/14 23:30:30 | 000,000,758 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/14 23:06:50 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/02/14 23:06:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/02/14 23:06:34 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,467,496 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,078,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< CODE >

< %SYSTEMDRIVE%\*.* >
[2009/06/26 12:13:54 | 000,001,024 | ---- | M] () -- C:\.rnd
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/01 15:46:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/15 14:41:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/06 08:42:30 | 000,016,298 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/14 23:08:00 | 000,004,954 | R--- | M] () -- C:\dell.sdr
[2011/04/04 09:38:18 | 012,580,112 | ---- | M] (Mozilla) -- C:\Firefox Setup 4.0.exe
[2011/07/06 10:11:59 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/23 13:38:40 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/07/06 10:11:58 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
[2011/07/06 17:28:06 | 000,001,402 | ---- | M] () -- C:\serf_conf.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp054.dll
[2005/03/18 06:18:56 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\IMFPRINT.DLL
[2011/06/16 14:19:55 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-17 08:02:46

< End of report >

Attached Files

  • Attached File  gmer.log   11.59KB   0 downloads
  • Attached File  OTL.Txt   63.03KB   0 downloads




#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:41 PM

Posted 07 July 2011 - 09:24 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\..\URLSearchHook: 3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 tawilliams

tawilliams
  • Topic Starter

  • Members
  • 4 posts
  • Local time:04:41 PM

Posted 07 July 2011 - 10:39 PM

OTL Log

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\3 not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

OTL by OldTimer - Version 3.2.26.1 log created on 07072011_220456


Combo Fix log
ComboFix 11-07-07.05 - WELLS 07/07/2011 22:12:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.329 [GMT -5:00]
Running from: c:\documents and settings\WELLS\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\WELLS\g2mdlhlpx.exe
c:\documents and settings\WELLS\Start Menu\Programs\Windows XP Restore
c:\documents and settings\WELLS\Start Menu\Programs\Windows XP Restore\Uninstall Windows XP Restore.lnk
c:\documents and settings\WELLS\Start Menu\Programs\Windows XP Restore\Windows XP Restore.lnk
c:\documents and settings\WELLS\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 03:04 . 2011-07-08 03:04 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 14:15 . 2011-05-09 19:14 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-06 16:18 . 2011-05-17 14:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 19:19 . 2009-06-26 17:14 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-16 19:19 . 2009-06-26 17:14 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-16 19:19 . 2009-06-26 17:14 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-16 19:19 . 2009-06-26 17:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-06 22:49 . 2011-06-06 22:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-29 14:11 . 2010-08-06 13:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 20:16 . 2011-04-29 20:16 1062984 ----a-w- c:\documents and settings\WELLS\gotomypc_540.exe
2011-04-28 22:32 . 2007-02-23 18:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-08 16:27 . 2009-04-08 16:27 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-08 16:27 . 2009-04-08 16:27 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-08 16:27 . 2009-04-08 16:27 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-07-06 21:23 . 2011-06-13 22:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2010-08-06_13.38.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-07-06 15:12 . 2011-07-06 15:12 16384 c:\windows\Temp\Perflib_Perfdata_118.dat
+ 2007-02-15 04:26 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
- 2009-06-26 17:14 . 2010-06-10 12:02 54656 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2009-06-26 17:14 . 2011-06-16 19:19 54656 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2009-06-26 17:14 . 2011-06-16 19:19 54656 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
- 2009-06-26 17:14 . 2010-06-10 12:02 54656 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2009-06-26 17:14 . 2011-06-16 19:19 42880 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2009-06-26 17:14 . 2011-06-16 19:19 54656 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2009-06-26 17:14 . 2010-06-10 12:02 54656 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2009-06-26 17:14 . 2011-06-16 19:19 54656 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2009-06-26 17:14 . 2010-06-10 12:02 54656 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2009-06-26 17:14 . 2011-06-16 19:19 42880 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2007-02-15 04:26 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2011-03-25 21:12 . 2005-10-27 21:29 81920 c:\windows\system32\ScriptIfaceUSB.dll
+ 2011-03-25 21:12 . 2005-10-27 21:29 90112 c:\windows\system32\ScriptIface.dll
+ 2010-09-24 03:56 . 2010-09-24 03:56 27984 c:\windows\system32\sbbd.exe
+ 2004-08-11 22:00 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2011-06-14 14:44 78576 c:\windows\system32\perfc009.dat
+ 2011-03-25 21:12 . 2005-10-27 21:28 61440 c:\windows\system32\PadHid.dll
+ 2011-03-25 21:12 . 2005-11-21 19:30 45056 c:\windows\system32\PadCom8810Serial.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-11 22:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-11 22:00 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-11 22:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 09:31 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 22:00 . 2009-03-08 09:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-11 22:00 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-11 22:00 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-11 22:00 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 09:31 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2010-05-13 12:56 . 2010-05-13 12:56 98392 c:\windows\system32\drivers\SBREDrv.sys
+ 2011-04-29 17:18 . 2010-07-27 09:48 94040 c:\windows\system32\drivers\sbhips.sys
+ 2011-04-29 17:18 . 2010-04-15 23:35 68696 c:\windows\system32\drivers\SbFwIm.sys
+ 2011-04-29 17:18 . 2010-06-14 19:54 69976 c:\windows\system32\drivers\sbapifs.sys
+ 2011-04-29 17:18 . 2010-06-14 19:54 21464 c:\windows\system32\drivers\sbaphd.sys
+ 2011-04-13 13:22 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-02-15 04:19 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 09:31 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-02-15 04:19 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 09:31 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2011-04-13 13:22 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 09:34 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-02-15 04:19 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-02-15 04:19 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 09:31 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 09:24 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 09:33 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-11 22:00 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
- 2007-02-23 16:59 . 2010-08-06 13:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-06 16:10 . 2011-06-06 20:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-23 16:59 . 2011-06-06 20:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-23 16:59 . 2010-08-06 13:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-23 16:59 . 2010-08-06 13:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-06 16:10 . 2011-06-06 20:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 22:00 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2011-04-28 22:33 . 2011-04-28 22:33 18944 c:\windows\Installer\c00fe06.msi
+ 2011-04-28 22:32 . 2011-04-28 22:32 92672 c:\windows\Installer\c00fdfd.msi
+ 2011-06-03 17:11 . 2011-06-03 17:11 21504 c:\windows\Installer\9494e1.msi
+ 2011-05-05 14:24 . 2011-05-05 14:24 28160 c:\windows\Installer\1e4596da.msi
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut9_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 40960 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut8_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 40960 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut6_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut5_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut2_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut19_69AEEF90C9A649BEB28571A9BD0A2708.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut18_655F6A2A7D994ED49DECB7DFC94BB794.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut14_207DBA6EFEE14469B38EFA9101B26FB2.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut13_22803518EFB245B7BA6478B06395480E.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 45056 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut12_207DBA6EFEE14469B38EFA9101B26FB2.exe
+ 2011-06-03 14:26 . 2011-06-03 14:26 40960 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut11_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-04-29 18:03 . 2011-04-29 18:03 53248 c:\windows\Installer\{9D544611-F437-4153-913E-91CE036583CC}\ARPPRODUCTICON.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut9_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 40960 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut8_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 40960 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut6_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut5_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut2_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut19_69AEEF90C9A649BEB28571A9BD0A2708.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut18_655F6A2A7D994ED49DECB7DFC94BB794.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut14_207DBA6EFEE14469B38EFA9101B26FB2.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut13_22803518EFB245B7BA6478B06395480E.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 45056 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut12_207DBA6EFEE14469B38EFA9101B26FB2.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 40960 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut11_68B68DF92A3A4B7195092926F0505ED9.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2011-04-13 13:32 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-04-13 13:32 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-04-13 13:32 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 37888 c:\windows\ie8\url.dll
+ 2011-04-13 13:29 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 39424 c:\windows\ie8\pngfilt.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 96256 c:\windows\ie8\occache.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 56832 c:\windows\ie8\mshtmler.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 29184 c:\windows\ie8\mshta.exe
+ 2011-04-13 13:28 . 2004-08-04 10:00 22016 c:\windows\ie8\licmgr10.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 16384 c:\windows\ie8\jsproxy.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 96256 c:\windows\ie8\inseng.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 35840 c:\windows\ie8\imgutil.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 93184 c:\windows\ie8\iexplore.exe
+ 2011-04-13 13:28 . 2004-08-04 10:00 62976 c:\windows\ie8\iesetup.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 48640 c:\windows\ie8\iernonce.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 81920 c:\windows\ie8\ieencode.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2011-04-13 13:28 . 2004-08-04 10:00 38912 c:\windows\ie8\hmmapi.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 35328 c:\windows\ie8\corpol.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 99840 c:\windows\ie8\advpack.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 61440 c:\windows\ie8\admparse.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 41984 c:\windows\Downloaded Program Files\WebEx\1032\wbxtrace.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 85504 c:\windows\Downloaded Program Files\WebEx\1032\wbxscutil.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 48640 c:\windows\Downloaded Program Files\WebEx\1032\wbxdlmgr.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 58680 c:\windows\Downloaded Program Files\WebEx\1032\wbxdldrv.exe
+ 2011-03-25 19:26 . 2011-03-25 19:26 57344 c:\windows\Downloaded Program Files\WebEx\1032\wbxcrypt.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 25912 c:\windows\Downloaded Program Files\WebEx\1032\safereboot.exe
+ 2011-03-25 19:26 . 2011-03-25 19:26 81408 c:\windows\Downloaded Program Files\WebEx\1032\mticket.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 45880 c:\windows\Downloaded Program Files\WebEx\1032\atscjoin.exe
+ 2011-03-25 19:26 . 2011-03-25 19:26 27136 c:\windows\Downloaded Program Files\WebEx\1032\atprint.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 17408 c:\windows\Downloaded Program Files\WebEx\1032\atpcapnt.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 50688 c:\windows\Downloaded Program Files\WebEx\1032\atpack.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 13312 c:\windows\Downloaded Program Files\WebEx\1032\atmemmgr.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 81408 c:\windows\Downloaded Program Files\WebEx\1032\atjpeg60.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 64000 c:\windows\Downloaded Program Files\WebEx\1032\atcarmcl.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 43832 c:\windows\Downloaded Program Files\WebEx\1032\atasanot.exe
+ 2011-03-25 19:26 . 2011-03-25 19:26 16696 c:\windows\Downloaded Program Files\WebEx\1032\advlimit.exe
+ 2011-06-03 14:35 . 2011-06-03 14:35 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d5508d1d8577e42bcff02286c9a182b4\stdole.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XCTransacti#\6b96c1b651375430bf6d8e18307928ce\Interop.XCTransaction2.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.TOOTHPICKER#\bdd4896391ac022fbe99352bb9cb9bbf\Interop.TOOTHPICKERLib.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 26112 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SURFACEPICK#\0586ee1b9a8220e809c5e8ec1b627b27\Interop.SURFACEPICKERLib.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PINPadDevice\6568b0991f5c045c8ce8c91594975dae\Interop.PINPadDevice.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 43520 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.OpAutomatio#\6c39c5d7cc35bc6df5e39ae26f7d0a7c\Interop.OpAutomationLib.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.ESTechUtilL#\a385b558840365ce3a7f442e5fe4d8c9\Interop.ESTechUtilLib.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.EsPbInterfa#\2964700d088a07236ad6ca2f584215aa\Interop.EsPbInterfaceLib.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.ESEVERYWARE#\6ee18f7c6a880855e2824db29f35752c\Interop.ESEVERYWARESYNCLib.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 30720 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.TOOTHPICK#\d1a1c33222db1eeb778cde7bc95da9eb\AxInterop.TOOTHPICKERLib.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SURFACEPI#\61ae36a2764f47f076bab7d41bffffaf\AxInterop.SURFACEPICKERLib.ni.dll
+ 2011-04-13 13:32 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2011-04-13 13:32 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2011-04-14 08:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll
+ 2011-04-14 08:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll
+ 2011-04-28 22:32 . 2011-04-28 22:32 5632 c:\windows\system32\pndx5032.dll
+ 2011-04-28 22:32 . 2011-04-28 22:32 6656 c:\windows\system32\pndx5016.dll
+ 2011-06-03 14:26 . 2011-06-03 14:26 5430 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut15_207DBA6EFEE14469B38EFA9101B26FB2.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 5430 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut15_207DBA6EFEE14469B38EFA9101B26FB2.exe
+ 2011-03-25 19:26 . 2011-03-25 19:26 9440 c:\windows\Downloaded Program Files\WebEx\1032\atpdrvnt.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 9216 c:\windows\Downloaded Program Files\WebEx\1032\atkbctl.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2011-03-25 21:12 . 2010-07-29 19:27 121856 c:\windows\system32\xmllite.dll
+ 2010-04-08 15:53 . 2010-04-08 15:53 634560 c:\windows\system32\XceedZip.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
+ 2009-03-08 09:34 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-11 22:00 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-11 22:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2004-08-11 22:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2011-03-25 21:12 . 2001-05-24 18:59 162304 c:\windows\system32\UNWISE.EXE
+ 2011-06-03 14:26 . 2010-07-29 19:27 407269 c:\windows\system32\spool\drivers\w32x86\acpdfui400.dll
+ 2011-06-03 14:26 . 2010-07-29 19:27 749715 c:\windows\system32\spool\drivers\w32x86\acpdf400.dll
+ 2011-03-25 21:12 . 2010-07-29 19:27 407269 c:\windows\system32\spool\drivers\w32x86\3\acpdfui400.dll
+ 2011-03-25 21:12 . 2010-07-29 19:27 749715 c:\windows\system32\spool\drivers\w32x86\3\acpdf400.dll
+ 2011-04-28 22:33 . 2011-04-28 22:33 198848 c:\windows\system32\rmoc3260.dll
+ 2011-04-28 22:32 . 2011-04-28 22:32 272896 c:\windows\system32\pncrt.dll
+ 2004-08-11 22:00 . 2011-06-14 14:44 467496 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-11 22:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2011-07-06 16:18 . 2011-07-06 16:18 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
+ 2011-07-06 16:18 . 2011-07-06 16:18 321184 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.dll
+ 2010-09-08 21:32 . 2010-09-08 21:32 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
+ 2011-06-23 02:46 . 2011-06-23 02:46 134464 c:\windows\system32\LnkProtect.dll
+ 2004-08-11 22:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 09:22 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 09:11 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-11 22:00 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-11 22:00 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-11 22:00 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-11 22:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-11 22:00 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
+ 2011-04-29 17:18 . 2010-07-27 09:48 212568 c:\windows\system32\drivers\sbtis.sys
+ 2011-04-29 17:18 . 2010-07-27 09:48 331992 c:\windows\system32\drivers\SbFw.sys
+ 2007-02-15 04:19 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 09:34 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-02-15 04:20 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2007-12-18 14:40 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 09:34 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-03-08 09:34 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-02-15 04:19 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-02-15 04:19 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 09:22 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2011-04-13 13:22 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-02-15 04:20 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 19:09 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2011-04-13 13:22 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-02-15 04:19 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-04-13 13:22 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 19:09 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 09:33 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 09:33 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 09:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-02-15 04:19 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-02-15 04:19 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-11 22:00 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2010-08-09 15:55 . 2010-08-09 15:55 424448 c:\windows\Installer\28bf00.msi
- 2007-02-15 04:30 . 2008-01-03 18:02 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-02-15 04:30 . 2011-05-12 15:31 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-02-15 04:30 . 2008-01-03 18:02 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-02-28 20:14 . 2011-05-19 20:15 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2007-02-28 20:14 . 2008-01-18 17:51 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-04-13 13:32 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-04-13 13:32 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-04-13 13:32 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-04-13 13:32 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-04-13 13:32 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-04-13 13:32 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-04-13 13:32 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-04-13 13:32 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-04-13 13:32 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-04-13 13:32 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-04-13 13:32 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-04-14 08:01 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-04-14 08:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-04-14 08:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-04-14 08:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-04-14 08:01 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-04-14 08:01 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 662016 c:\windows\ie8\wininet.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 276480 c:\windows\ie8\webcheck.dll
+ 2011-04-13 13:28 . 2007-06-26 15:13 851968 c:\windows\ie8\vgx.dll
+ 2011-04-13 13:28 . 2010-03-10 08:02 417792 c:\windows\ie8\vbscript.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 624640 c:\windows\ie8\urlmon.dll
+ 2011-04-13 13:29 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-04-13 13:29 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-04-13 13:28 . 2010-04-16 15:36 532480 c:\windows\ie8\mstime.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 146432 c:\windows\ie8\msrating.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 146432 c:\windows\ie8\msls31.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 449024 c:\windows\ie8\mshtmled.dll
+ 2011-04-13 13:28 . 2009-08-21 09:46 450560 c:\windows\ie8\jscript.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 251392 c:\windows\ie8\iepeers.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 323584 c:\windows\ie8\iedkcs32.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 221184 c:\windows\ie8\ieakui.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 216576 c:\windows\ie8\ieaksie.dll
+ 2011-04-13 13:28 . 2004-08-04 10:00 139264 c:\windows\ie8\ieakeng.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 205312 c:\windows\ie8\dxtrans.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 357888 c:\windows\ie8\dxtmsft.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 273408 c:\windows\Downloaded Program Files\WebEx\1032\welsfcenc.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 260608 c:\windows\Downloaded Program Files\WebEx\1032\welsdec.dll
+ 2011-03-25 19:26 . 2011-03-25 19:25 210744 c:\windows\Downloaded Program Files\WebEx\1032\wbxreport.exe
+ 2011-03-25 19:26 . 2011-03-25 19:26 619520 c:\windows\Downloaded Program Files\WebEx\1032\unires.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 197120 c:\windows\Downloaded Program Files\WebEx\1032\unidrvui.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 239104 c:\windows\Downloaded Program Files\WebEx\1032\unidrv.dll
+ 2011-03-25 19:26 . 2011-03-25 19:25 186880 c:\windows\Downloaded Program Files\WebEx\1032\uilibres.dll
+ 2011-03-25 19:26 . 2011-03-25 19:25 302080 c:\windows\Downloaded Program Files\WebEx\1032\scwbxui8.dll
+ 2011-03-25 19:26 . 2011-03-25 19:25 355840 c:\windows\Downloaded Program Files\WebEx\1032\sccustres.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 630272 c:\windows\Downloaded Program Files\WebEx\1032\mvc.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 701440 c:\windows\Downloaded Program Files\WebEx\1032\mutiltpd.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 655872 c:\windows\Downloaded Program Files\WebEx\1032\msvcr90.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 568832 c:\windows\Downloaded Program Files\WebEx\1032\msvcp90.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 311808 c:\windows\Downloaded Program Files\WebEx\1032\msess.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 535040 c:\windows\Downloaded Program Files\WebEx\1032\mmssl32.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 309248 c:\windows\Downloaded Program Files\WebEx\1032\attp.dll
+ 2011-03-25 19:26 . 2011-03-25 19:25 833848 c:\windows\Downloaded Program Files\WebEx\1032\atsccust.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 208896 c:\windows\Downloaded Program Files\WebEx\1032\atres_lite.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 668672 c:\windows\Downloaded Program Files\WebEx\1032\atprtsc.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 132096 c:\windows\Downloaded Program Files\WebEx\1032\atpng12.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 314880 c:\windows\Downloaded Program Files\WebEx\1032\atlchat.dll
+ 2011-03-25 19:25 . 2011-03-25 19:25 444216 c:\windows\Downloaded Program Files\WebEx\1032\atgpcext.dll
+ 2011-03-25 19:25 . 2011-03-25 19:25 113976 c:\windows\Downloaded Program Files\WebEx\1032\atgpcdec.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 257536 c:\windows\Downloaded Program Files\WebEx\1032\atfilesr.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 427008 c:\windows\Downloaded Program Files\WebEx\1032\atfilesp.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 150528 c:\windows\Downloaded Program Files\WebEx\1032\atdl2006.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 176640 c:\windows\Downloaded Program Files\WebEx\1032\atasuicom.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 133432 c:\windows\Downloaded Program Files\WebEx\1032\atasnt40.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 427832 c:\windows\Downloaded Program Files\WebEx\1032\atasctrl.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 121856 c:\windows\Downloaded Program Files\WebEx\1032\atas32.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 516096 c:\windows\Downloaded Program Files\WebEx\1032\atarm.dll
+ 2010-11-02 01:00 . 2010-11-02 01:00 288568 c:\windows\Downloaded Program Files\ieatgpc.dll
+ 2008-04-25 12:40 . 2011-03-25 19:26 511288 c:\windows\Downloaded Program Files\atcliun.exe
+ 2011-06-03 14:35 . 2011-06-03 14:35 808448 c:\windows\assembly\NativeImages_v2.0.50727_32\TXTextControl\298d28e55625a2e284b2f29ad3156a12\TXTextControl.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\07da2b0e44d62f3c65d6516f4e2f94bb\System.Messaging.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 150528 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Services.#\4090d266ce1c885516fd41d8452f0d8d\Patterson.Services.ServiceUtils.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Services.#\23c5fa7a5201f23afd383ea7873faf71\Patterson.Services.SharedResources.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 538624 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Pr#\2958429e9aad6d166d1edb2f54a4d55d\Patterson.Client.Provider.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 443392 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Pa#\ba66e5244f9bfc713b17cf87eeabc2ad\Patterson.Client.Patient.ni.dll
+ 2011-06-03 14:36 . 2011-06-03 14:36 204800 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Mo#\97ab072a65572337a3e969c82a8d982c\Patterson.Client.ModuleAccess.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 590336 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.In#\ca44c48ab3db8a54f237478e444a5279\Patterson.Client.Insurance.ni.dll
+ 2011-06-03 14:36 . 2011-06-03 14:36 389120 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Ge#\a633d40d951348cfaa6e9bbdd90f289a\Patterson.Client.General.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 861184 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Ba#\78f82a5244f66393b2d5253bd5c42f16\Patterson.Client.BaseObjects.ni.dll
+ 2011-04-13 13:32 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2011-04-13 13:32 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2011-04-13 13:32 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2011-04-13 13:22 . 2010-05-06 10:36 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2011-04-13 13:22 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2011-04-14 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll
+ 2011-04-14 08:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981332-IE8\update\update.exe
+ 2011-04-14 08:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe
+ 2011-04-14 03:05 . 2010-03-10 06:18 420352 c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2011-04-14 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2011-04-14 03:05 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll
+ 2011-04-14 08:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe
+ 2011-04-14 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe
+ 2011-04-14 03:05 . 2009-06-22 06:47 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-02-23 20:42 . 2010-02-23 20:42 1428480 c:\windows\system32\XCTransaction2.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2011-06-03 14:26 . 2010-07-29 19:27 4218880 c:\windows\system32\spool\drivers\w32x86\cdintf400.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2008-10-05 03:24 . 2010-09-08 21:32 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-07 02:07 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2007-02-15 04:19 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-07-28 09:28 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2011-04-13 13:22 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2011-06-03 14:26 . 2010-07-29 19:27 4218880 c:\windows\system32\cdintf400.dll
+ 2010-08-06 13:45 . 2010-08-06 13:45 1094656 c:\windows\Installer\79079.msi
+ 2011-04-29 18:03 . 2011-04-29 18:03 2392576 c:\windows\Installer\26c33e.msi
+ 2011-05-05 14:33 . 2011-05-05 14:33 2283008 c:\windows\Installer\1e459a80.msi
+ 2011-06-03 14:26 . 2011-06-03 14:26 2671104 c:\windows\Installer\{D7DC2934-1AFA-4C8B-812E-C7D6D04ABA35}\NewShortcut22_22803518EFB245B7BA6478B06395480E.exe
+ 2011-03-25 21:11 . 2011-03-25 21:11 2671104 c:\windows\Installer\{1CE1E282-54E5-48C8-A894-A2BEB6AD1FF4}\NewShortcut22_22803518EFB245B7BA6478B06395480E.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-04-13 13:32 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-04-13 13:32 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-04-13 13:32 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-04-13 13:28 . 2010-04-16 15:36 3065344 c:\windows\ie8\mshtml.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 1093632 c:\windows\Downloaded Program Files\WebEx\1032\mac.dll
+ 2011-03-25 19:26 . 2011-03-25 19:26 2206208 c:\windows\Downloaded Program Files\WebEx\1032\atres.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 2406400 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Services.#\943bef13ddb5ad873928e24c9ad64354\Patterson.Services.ServiceContracts.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 3144704 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Sh#\7a10c84d0a0ce419634b1bb6eb88c8eb\Patterson.Client.SharedObjects.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 5198336 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Sc#\13220b825a3ce3ac26af50b1bb2afc6d\Patterson.Client.Schedule.ni.dll
+ 2011-06-03 14:36 . 2011-06-03 14:36 3929600 c:\windows\assembly\NativeImages_v2.0.50727_32\Patterson.Client.Ac#\f2095934b2ec792f0b4f464150aff033\Patterson.Client.Account.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 2435072 c:\windows\assembly\NativeImages_v2.0.50727_32\iAnywhere.Data.SQLA#\b7615939016caa9a3bad8c3248531811\iAnywhere.Data.SQLAnywhere.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 1750528 c:\windows\assembly\NativeImages_v2.0.50727_32\EagleSoft\72e7b44656856295f3ff2b2c4cc7dd71\EagleSoft.ni.exe
+ 2011-06-03 14:35 . 2011-06-03 14:35 1503744 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraTree#\e5c6694d795ec75b2dcda63b762cb107\DevExpress.XtraTreeList.v9.3.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 3901440 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraSche#\e959b005cddf9f6247b5f2c141d514f4\DevExpress.XtraScheduler.v9.3.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 2854912 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraSche#\034668cf11d063998b1454b34ef80734\DevExpress.XtraScheduler.v9.3.Core.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 1795072 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraPrin#\b1ac51530fc9eaee1586d5780c57df09\DevExpress.XtraPrinting.v9.3.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 2218496 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraLayo#\a59b24f2d9aee98ab52900376adf8678\DevExpress.XtraLayout.v9.3.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 4914176 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraGrid#\150a9ff09b70e22bc2dbe9c6615754cc\DevExpress.XtraGrid.v9.3.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 5164032 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraEdit#\bf066df99859db7c3b572077cea38ff7\DevExpress.XtraEditors.v9.3.ni.dll
+ 2011-06-03 14:35 . 2011-06-03 14:35 5294592 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraBars#\3b34ff252cf2f196768330483c07e5ee\DevExpress.XtraBars.v9.3.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 5575680 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Utils.v9#\60d275c1fb06be6ffba6340c5878a680\DevExpress.Utils.v9.3.ni.dll
+ 2011-06-03 14:34 . 2011-06-03 14:34 7395328 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Data.v9.3\aa96b2920c18fa7cd63ca5a6d2a9ca11\DevExpress.Data.v9.3.ni.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2011-04-13 13:22 . 2010-05-06 10:36 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-05-21 14:14 . 2011-06-17 08:00 47716296 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2011-04-13 13:22 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2011-06-03 14:25 . 2011-06-03 14:25 60925952 c:\windows\Installer\2e933b8d.msi
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\1e459a81.msp
+ 2010-11-10 17:49 . 2010-11-10 17:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
+ 2011-04-13 13:32 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-06-03 14:36 . 2011-06-03 14:36 12446720 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraRich#\e39165107227f708f375661736d25ea5\DevExpress.XtraRichEdit.v9.3.ni.dll
+ 2010-05-06 21:06 . 2010-05-06 21:06 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\WELLS\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\WELLS\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\WELLS\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\WELLS\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ESInetConnect"="c:\eaglesoft\Shared Files\esinetconnect.exe" [2010-08-11 204800]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2010-09-24 1332560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
c:\documents and settings\WELLS\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\WELLS\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Yosemite Server Backup Quick Access.lnk - c:\program files\Barracuda\Yosemite Server Backup\win\x86\ytwingqa.exe [2009-6-26 3036672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-16 19:19 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^WELLS^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\WELLS\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 05:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-07-20 13:31 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2005-03-18 11:18 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 07:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-21 13:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-14 12:42 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-28 22:32 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\SoftDent\\SDWIN.EXE"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Barracuda\\Yosemite Server Backup\\win\\x86\\ytwinsdr.exe"=
"c:\\Program Files\\Barracuda\\Yosemite Server Backup\\win\\x86\\ytwingad.exe"=
"c:\\Program Files\\Barracuda\\Yosemite Server Backup\\win\\x86\\ytwincad.exe"=
"c:\\Program Files\\Barracuda\\Yosemite Server Backup\\win\\x86\\ytwingqa.exe"=
"c:\\EagleSoft\\Shared Files\\esinetconnect.exe"=
"c:\\EagleSoft\\Shared Files\\ESTechUtil.exe"=
"c:\\EagleSoft\\Shared Files\\EagleSoft.exe"=
"c:\\EagleSoft\\Shared Files\\techaid.exe"=
"c:\\EagleSoft\\Shared Files\\ESMessenger.exe"=
"c:\\EagleSoft\\Shared Files\\dbeng7.exe"=
"c:\\Documents and Settings\\WELLS\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"135:UDP"= 135:UDP:DCOM2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2/14/2007 11:06 PM 3456]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/29/2011 12:18 PM 21464]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/29/2011 12:18 PM 331992]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/29/2011 12:18 PM 212568]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 7:13 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/29/2011 12:18 PM 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [9/23/2010 10:55 PM 181584]
R2 YTBackup;Yosemite Server Backup;c:\program files\Barracuda\Yosemite Server Backup\win\x86\ytwinsdr.exe [6/26/2009 11:36 AM 175616]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/29/2011 12:18 PM 68696]
R3 VistaRayScanner;VistaRay Scanner System Services;c:\windows\system32\drivers\VistaRayScanner-EPP.sys [2/23/2007 2:42 PM 17606]
S0 vrbzcxde;vrbzcxde; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 7:56 AM 98392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 9:45 AM 135664]
S2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [9/23/2010 10:55 PM 2763080]
S3 ESCameraService;ESCameraService;c:\eaglesoft\Shared Files\ESCameraService.exe [8/13/2010 10:22 AM 57344]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 9:45 AM 135664]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/29/2011 12:18 PM 68696]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/29/2011 12:18 PM 94040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AGRCYPOC
*Deregistered* - agrcypoc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:45]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:45]
.
2011-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1055808576-3399974807-1218163315-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1055808576-3399974807-1218163315-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 205.152.150.23 205.152.132.23
FF - ProfilePath - c:\documents and settings\WELLS\Application Data\Mozilla\Firefox\Profiles\umalvr29.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c602554&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 22:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-07-07 22:23:51
ComboFix-quarantined-files.txt 2011-07-08 03:23
ComboFix2.txt 2010-08-06 13:42
.
Pre-Run: 58,102,800,384 bytes free
Post-Run: 58,552,147,968 bytes free
.
- - End Of File - - 26EAE66D197FCEE433AF7D54129040F7

#4 tawilliams

Posted 08 July 2011 - 08:11 AM

I should also mention that after running OTL the machine did not reboot.

After running combo fix I rebooted and tested it. I still have the issue of the Google search result redirects.

Thanks for your help.

#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 08 July 2011 - 03:43 PM

tawilliams:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    volsnap.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please include the following in your next post:
  • SystemLook log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 tawilliams

Posted 11 July 2011 - 07:10 PM

Here is the system look log

SystemLook 04.09.10 by jpshortstuff
Log created at 19:08 on 11/07/2011 by WELLS
Administrator - Elevation successful

========== filefind ==========

Searching for "volsnap.sys"
C:\i386\volsnap.sys --a---- 52352 bytes [20:30 23/02/2007] [10:00 04/08/2004] EE4660083DEBA849FF6C485D944B379B
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\volsnap.sys --a---- 52352 bytes [07:30 04/09/2008] [18:41 13/04/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [22:00 11/08/2004] [10:00 04/08/2004] EE4660083DEBA849FF6C485D944B379B

-= EOF =-
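
An added example, not part of the thread: a small Python parser for the SystemLook `filefind` lines in the log above. It groups the copies by MD5 and shows that all three share one size while carrying two different hashes, so size alone cannot tell them apart. The function names are hypothetical, and the order of the two bracketed timestamps (created, then modified) is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# The filefind section of the SystemLook log posted above, copied verbatim.
SYSTEMLOOK_LOG = r"""
Searching for "volsnap.sys"
C:\i386\volsnap.sys --a---- 52352 bytes [20:30 23/02/2007] [10:00 04/08/2004] EE4660083DEBA849FF6C485D944B379B
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\volsnap.sys --a---- 52352 bytes [07:30 04/09/2008] [18:41 13/04/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [22:00 11/08/2004] [10:00 04/08/2004] EE4660083DEBA849FF6C485D944B379B
-= EOF =-
"""

# Fields per hit: path, attribute flags, size, two bracketed timestamps, MD5.
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
TS_FORMAT = "%H:%M %d/%m/%Y"  # e.g. "20:30 23/02/2007"


def parse_filefind(log):
    """Return one dict per file hit; header and EOF lines are skipped."""
    hits = []
    for line in log.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        hits.append({
            "path": m["path"],
            "attrs": m["attrs"],
            "size": int(m["size"]),
            # Assumption: first bracket is creation time, second is last-modified.
            "created": datetime.strptime(m["ts1"], TS_FORMAT),
            "modified": datetime.strptime(m["ts2"], TS_FORMAT),
            "md5": m["md5"].upper(),
        })
    return hits


def group_by_md5(hits):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["md5"]].append(h["path"])
    return dict(groups)


def differing_from(hits, reference_path):
    """Paths whose MD5 differs from the copy at reference_path."""
    ref = next(h for h in hits if h["path"].lower() == reference_path.lower())
    return [h["path"] for h in hits if h["md5"] != ref["md5"]]


def sizes_with_multiple_hashes(hits):
    """Sizes shared by files with different content (size match, hash mismatch)."""
    by_size = defaultdict(set)
    for h in hits:
        by_size[h["size"]].add(h["md5"])
    return {size: sorted(md5s) for size, md5s in by_size.items() if len(md5s) > 1}


if __name__ == "__main__":
    hits = parse_filefind(SYSTEMLOOK_LOG)
    for md5, paths in group_by_md5(hits).items():
        print(md5)
        for p in paths:
            print("   ", p)
    print("same size, different hash:", sizes_with_multiple_hashes(hits))
```
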

#7 RPMcMurphy

Posted 11 July 2011 - 09:53 PM

tawilliams:

We need to rename a file, then use the Recovery Console to replace an infected driver. Look over the instructions carefully and make sure you understand before you start:

1. Open Notepad
2. Copy and paste the content of the following codebox into Notepad:

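@echo off
rem Copy the volsnap.sys found under SoftwareDistribution to the root of C:
copy /y C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\volsnap.sys c:\
rem Delete this batch file once it has run
del %0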

3. Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes.
4. Double-click fix.bat to run it. A small black box should open and close - this is normal.

Print out these instructions to use while in the Recovery Console:

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, one at a time and press 'Enter' after each line. (refer to the quote box under the commands for the location of the spaces which are very important):

cd c:\windows\system32\drivers
ren volsnap.sys volsnap.old
copy c:\volsnap.sys
exit

cd<space>c:\windows\system32\drivers
ren<space>volsnap.sys<space>volsnap.old
copy<space>c:\volsnap.sys



You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy and another space between the file paths.

If you do not see 1 file copied on the screen, even after ensuring the commands are correct, rename the file back to its original name by typing the following command then hitting Enter.
ren volsnap.old volsnap.sys


(You should NOT be prompted to overwrite an existing file, but if you are, select No then type exit to restart and notify me of your results.)

6. Type exit and press 'Enter'. Your computer should reboot.

Please include the following in your next post:
  • Let me know when you have completed these steps


#8 RPMcMurphy

Posted 17 July 2011 - 09:08 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
