Infected with Rootkit.zero Access! inserted on tcp/ip stack.


  • This topic is locked
12 replies to this topic

#1 d_hurst


Posted 05 February 2012 - 10:02 PM

Attached File: ark.txt (105.48KB)
Attached File: attach.txt (18.73KB)
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 20:41:36 on 2012-02-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1366 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ECCD16D9-4121-42F9-BF9F-B278707F48FC} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-1-6 532224]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 MpKsl8fe9bb30;MpKsl8fe9bb30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73ff3ed9-1d24-44e3-94b8-bf6f20f2422d}\mpksl8fe9bb30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73ff3ed9-1d24-44e3-94b8-bf6f20f2422d}\MpKsl8fe9bb30.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-12-29 18560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-02-06 01:07:23 98816 ----a-w- c:\windows\sed.exe
2012-02-06 01:07:23 518144 ----a-w- c:\windows\SWREG.exe
2012-02-06 01:07:23 256000 ----a-w- c:\windows\PEV.exe
2012-02-06 01:07:23 208896 ----a-w- c:\windows\MBR.exe
2012-02-05 21:32:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2012-02-03 02:31:30 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-03 01:21:23 -------- d-----w- c:\program files\iPod
2012-02-03 01:21:20 -------- d-----w- c:\program files\iTunes
2012-02-03 01:05:18 -------- d-----w- c:\documents and settings\administrator\application data\ElevatedDiagnostics
2012-02-03 01:03:42 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-03 01:03:42 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-03 00:22:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-03 00:22:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 03:20:11 -------- d-----w- C:\$AVG
2012-01-07 02:43:53 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
.
==================== Find3M ====================
.
2011-12-30 01:01:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-12 17:18:20 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-10-16 08:04:54 16409960 ----a-w- c:\program files\spybotsd162.exe
.
============= FINISH: 20:42:22.09 ===============



#2 myrti


Posted 06 February 2012 - 07:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 d_hurst


Posted 11 February 2012 - 04:55 PM

Hello, the problem that has arisen is that my email accounts are being accessed and sending emails to everyone in my contact list.
The above message in my title is what I got from running ComboFix. When I ran it a second time it still gave me the second message. It did not remove it. I have not done anything since contacting you several days ago. I have been waiting on what to do next.

OTL logfile created on: 2/11/2012 3:49:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.49% Memory free
3.85 Gb Paging File | 3.18 Gb Available in Paging File | 82.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 89.40 Gb Free Space | 69.85% Space Free | Partition Type: NTFS

Computer Name: DIANA-LFVP8SA3Q | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 15:48:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/02/05 15:33:05 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/02/15 09:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/02/15 09:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/28 15:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/02/20 14:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxbtcoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2004/03/10 04:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 5200 Series\ConvDIB.dll
MOD - [2004/02/12 10:09:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTPCFG.DLL
MOD - [2004/02/12 10:09:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBTPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 09:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/02/20 14:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/12 11:18:20 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/15 09:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 48 D7 7C 4D E4 CC 01 [binary data]
IE - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-854245398-1965331169-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1965331169-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/02/08 20:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 13:58:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/29 18:04:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-854245398-1965331169-682003330-500\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-1965331169-682003330-500\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-854245398-1965331169-682003330-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1965331169-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECCD16D9-4121-42F9-BF9F-B278707F48FC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/12 18:11:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D5974C5-5185-4f5b-80B6-28015ACDD74C} - q319182
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 15:48:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/11 15:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/02/09 20:25:52 | 014,475,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\windows-kb890830-v4.4.exe
[2012/02/09 20:17:32 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\FixitCenter_Run.exe
[2012/02/07 17:15:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/07 16:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2012/02/07 16:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/07 16:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/05 20:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2012/02/05 20:41:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/05 19:37:37 | 004,396,367 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/05 19:07:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/05 19:07:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/05 19:07:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/05 19:07:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/05 15:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/02/05 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2012/02/02 19:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/02/02 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/02 19:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/02 19:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2012/02/02 19:03:42 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2012/02/02 19:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/02/02 19:01:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/02/02 18:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/02/02 18:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/02 18:22:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/02 18:22:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/02 18:22:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/02 18:22:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/02 18:22:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/02 18:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/02 18:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/01/30 21:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HP Stuff
[2012/01/30 21:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Documents and Settings
[2012/01/28 21:20:11 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/01/20 17:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Fidelity
[2011/10/16 02:04:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 15:48:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/11 15:38:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500UA.job
[2012/02/11 15:38:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500Core.job
[2012/02/11 08:55:27 | 088,688,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/10 10:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/09 20:26:00 | 014,475,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\windows-kb890830-v4.4.exe
[2012/02/09 20:18:16 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\FixitCenter_Run.exe
[2012/02/08 23:39:30 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/02/08 23:39:30 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/07 19:52:33 | 000,002,524 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinterest _ Goodies.lnk
[2012/02/07 16:42:51 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Administrator Logon.job
[2012/02/07 16:42:44 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/02/07 16:42:44 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVG PC Tuneup 2011.lnk
[2012/02/06 18:04:39 | 000,046,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/05 20:47:56 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/05 20:41:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/05 20:38:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/05 20:37:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/05 20:04:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/05 19:44:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 19:43:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/05 19:37:55 | 004,396,367 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/05 19:36:00 | 000,292,864 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/02/05 19:36:00 | 000,260,096 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/02/02 20:55:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/02 20:38:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/02 19:22:23 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/02 18:22:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/02 18:22:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/02 18:22:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/02 18:22:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/02 18:22:33 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/02 13:58:32 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/29 20:37:49 | 000,005,692 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Favorite Theme2.Theme
[2012/01/29 20:32:46 | 000,005,674 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Favorite Theme.theme
[2012/01/21 22:05:41 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 19:52:33 | 000,002,524 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinterest _ Goodies.lnk
[2012/02/07 16:42:51 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Administrator Logon.job
[2012/02/07 16:42:44 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/02/07 16:42:44 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVG PC Tuneup 2011.lnk
[2012/02/05 20:47:52 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/05 20:38:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/05 20:37:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/05 19:07:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/05 19:07:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/05 19:07:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/05 19:07:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/05 19:07:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/05 15:34:15 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/02/05 15:34:15 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 15:33:09 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500UA.job
[2012/02/05 15:33:09 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500Core.job
[2012/02/02 19:22:23 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/29 20:37:49 | 000,005,692 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Favorite Theme2.Theme
[2012/01/29 20:32:46 | 000,005,674 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Favorite Theme.theme
[2011/11/25 18:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\82yes.com.b
[2011/11/25 17:46:15 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Q7FQGlBG.dat
[2011/11/23 21:32:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/04 16:44:32 | 000,130,958 | ---- | C] () -- C:\WINDOWS\hpoins12.dat
[2011/11/04 16:44:32 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat
[2011/10/29 14:08:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/10/29 13:11:56 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 16:21:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/17 20:23:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2011/10/17 20:23:35 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2011/10/17 20:23:32 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2011/10/17 20:23:32 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2011/10/17 20:23:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2011/10/17 20:23:21 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2011/10/16 01:43:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/12 18:14:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/10/12 18:13:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/12 18:09:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/12 13:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/12 13:02:33 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/06/25 13:21:13 | 000,435,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/06/25 13:21:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/06/25 13:21:11 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/06/25 13:21:10 | 000,068,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/06/25 13:20:23 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/06/25 13:20:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/06/25 13:19:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/25 13:13:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/06/25 13:13:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/06/25 13:09:07 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/06/25 13:09:07 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/06/25 13:09:06 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/06/25 13:09:06 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/06/25 13:09:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/06/25 13:05:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/06/25 13:03:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


OTL Extras logfile created on: 2/11/2012 3:49:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.49% Memory free
3.85 Gb Paging File | 3.18 Gb Available in Paging File | 82.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 89.40 Gb Free Space | 69.85% Space Free | Partition Type: NTFS

Computer Name: DIANA-LFVP8SA3Q | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2437DF07-D3CB-4D85-8397-ED8AE9ED26D5}" = LeapFrog Tag Junior Plugin
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FFB38F3F-2CAD-44D2-98AE-247EADE6EB21}" = American Greetings Crafts!
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ie8" = Windows Internet Explorer 8
"Lexmark 5200 Series" = Lexmark 5200 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"UPCShell" = LeapFrog Connect
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1965331169-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/28/2011 11:57:49 PM | Computer Name = DIANA-LFVP8SA3Q | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/28/2011 11:57:49 PM | Computer Name = DIANA-LFVP8SA3Q | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/25019019CFFBD9991CB76825748D945F30939542.crt>
with error: This network connection does not exist.

Error - 11/28/2011 11:57:49 PM | Computer Name = DIANA-LFVP8SA3Q | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/28/2011 11:57:49 PM | Computer Name = DIANA-LFVP8SA3Q | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/29/2011 12:00:20 AM | Computer Name = DIANA-LFVP8SA3Q | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/29/2011 12:00:20 AM | Computer Name = DIANA-LFVP8SA3Q | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/25019019CFFBD9991CB76825748D945F30939542.crt>
with error: The connection with the server was terminated abnormally

Error - 11/29/2011 12:12:00 AM | Computer Name = DIANA-LFVP8SA3Q | Source = McLogEvent | ID = 259
Description =

Error - 11/29/2011 8:25:50 AM | Computer Name = DIANA-LFVP8SA3Q | Source = McLogEvent | ID = 259
Description =

Error - 11/29/2011 8:27:45 AM | Computer Name = DIANA-LFVP8SA3Q | Source = McLogEvent | ID = 259
Description =

Error - 11/29/2011 7:54:39 PM | Computer Name = DIANA-LFVP8SA3Q | Source = McLogEvent | ID = 259
Description =

[ System Events ]
Error - 2/5/2012 9:35:52 PM | Computer Name = DIANA-LFVP8SA3Q | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 2/5/2012 9:44:07 PM | Computer Name = DIANA-LFVP8SA3Q | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 2/6/2012 1:21:43 AM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/6/2012 3:51:44 AM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/6/2012 10:51:46 PM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/7/2012 4:51:47 PM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/8/2012 11:21:48 AM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/9/2012 7:21:50 AM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/10/2012 3:51:53 AM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.

Error - 2/10/2012 11:51:55 PM | Computer Name = DIANA-LFVP8SA3Q | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 0030BD05EF5D.


< End of report >

#4 myrti

Posted 13 February 2012 - 04:49 PM

Hi,

Could you give me the logs from ComboFix? You should find them in C:\

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 d_hurst


Posted 13 February 2012 - 06:11 PM

Here is the first log I ran... second log follows.

ComboFix 12-02-05.02 - Administrator 02/05/2012 19:14:41.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1515 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-05 21:32 . 2012-02-05 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2012-02-03 02:31 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-03 01:21 . 2012-02-03 01:21 -------- d-----w- c:\program files\iPod
2012-02-03 01:21 . 2012-02-03 01:22 -------- d-----w- c:\program files\iTunes
2012-02-03 01:05 . 2012-02-03 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2012-02-03 01:03 . 2008-04-13 19:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-03 01:03 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-03 00:23 . 2012-02-03 00:23 -------- d-----w- c:\program files\Common Files\Java
2012-02-03 00:22 . 2012-02-03 00:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-03 00:22 . 2012-02-03 00:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 00:22 . 2012-02-03 00:22 -------- d-----w- c:\program files\Java
2012-01-29 03:20 . 2012-01-29 03:20 -------- d-----w- C:\$AVG
2012-01-07 02:43 . 2012-01-07 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2012-01-07 02:41 . 2012-02-05 15:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-07 02:41 . 2012-01-31 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-07 02:41 . 2012-01-07 02:41 -------- d-----w- c:\program files\AVG
2012-01-07 02:17 . 2012-01-07 02:17 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 01:01 . 2011-10-16 00:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2002-06-25 19:33 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-06-25 19:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-06-25 19:20 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2011-10-16 05:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-06-25 19:24 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-12 17:18 . 2011-12-30 00:57 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-10-16 08:04 . 2011-10-16 08:04 16409960 ----a-w- c:\program files\spybotsd162.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-29_11.24.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 04:51 . 2011-04-19 04:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-02-06 01:13 . 2012-02-06 01:13 16384 c:\windows\temp\Perflib_Perfdata_22c.dat
- 2011-10-16 07:43 . 2011-03-18 06:24 99328 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 99328 c:\windows\system32\ZoneLabs\zlquarantine.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 70656 c:\windows\system32\ZoneLabs\zatray.exe
+ 2012-01-07 02:19 . 2011-03-18 07:24 70656 c:\windows\system32\ZoneLabs\zatray.exe
- 2011-10-16 07:43 . 2011-03-18 06:25 21504 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 21504 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 14336 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 14336 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 48640 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 48640 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 85504 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 85504 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 37376 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 37376 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 20992 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 20992 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 12800 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 10240 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 10240 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 11264 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 11264 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 14336 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 14336 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 12288 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 12288 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 11264 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 11264 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 29184 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 29184 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 13312 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 13312 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 35840 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 35840 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 38912 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 38912 c:\windows\system32\ZoneLabs\featuremap.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 75776 c:\windows\system32\ZoneLabs\camupd.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 75776 c:\windows\system32\ZoneLabs\camupd.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 69120 c:\windows\system32\zlcomm.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 69120 c:\windows\system32\zlcomm.dll
+ 2012-02-03 01:01 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 43008 c:\windows\system32\vswmi.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 43008 c:\windows\system32\vswmi.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 58368 c:\windows\system32\vsregexp.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 58368 c:\windows\system32\vsregexp.dll
- 2011-10-16 06:14 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2011-10-16 06:14 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2011-10-16 05:53 . 2009-01-08 00:21 26144 c:\windows\system32\spupdsvc.exe
- 2011-10-16 05:53 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2011-10-16 07:53 . 2009-02-27 09:42 66440 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2011-10-16 07:53 . 2009-02-27 09:42 66440 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2011-11-21 00:28 . 2009-01-08 00:20 16928 c:\windows\system32\spmsg.dll
+ 2002-06-25 19:21 . 2012-01-11 22:57 68514 c:\windows\system32\perfc009.dat
- 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 24576 c:\windows\system32\nlsdl.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
+ 2011-10-16 07:53 . 2009-02-27 09:42 31640 c:\windows\system32\msonpmon.dll
+ 2002-06-25 19:15 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2002-06-25 19:15 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2002-06-25 19:12 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2002-06-25 19:12 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
- 2002-06-25 19:11 . 2011-08-22 23:48 43520 c:\windows\system32\licmgr10.dll
+ 2002-06-25 19:11 . 2011-11-04 19:20 43520 c:\windows\system32\licmgr10.dll
- 2002-06-25 19:09 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2002-06-25 19:09 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2009-03-08 09:32 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2009-03-08 09:32 . 2009-03-08 10:32 36864 c:\windows\system32\ieudinit.exe
- 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 26112 c:\windows\system32\idndl.dll
+ 2011-12-30 00:56 . 2011-11-12 17:18 33792 c:\windows\system32\DRVSTORE\leapfrog-0_B30D43972967E3C09B8E635B22BC13082452FEEA\i386\btblan.sys
+ 2011-12-30 00:57 . 2011-11-12 17:18 18560 c:\windows\system32\DRVSTORE\flyusb_E1B194E4380F1C20BBC476848F70DDC967C29749\i386\FlyUsb.sys
+ 2011-09-13 12:30 . 2011-09-13 12:30 32592 c:\windows\system32\drivers\avgrkx86.sys
+ 2011-08-08 12:08 . 2011-08-08 12:08 40016 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-10-04 12:21 . 2011-10-04 12:21 16720 c:\windows\system32\drivers\AVGIDSShim.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 24272 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys
- 2011-10-16 06:22 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
- 2009-03-08 09:31 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2011-10-16 06:22 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2009-03-08 09:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 09:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 09:33 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2002-06-25 19:03 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2002-06-25 19:03 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-01 04:17 . 2011-12-01 04:17 19968 c:\windows\Installer\e9ce24.msi
- 2011-10-16 07:53 . 2011-10-18 00:19 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2011-12-15 09:05 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-30 00:57 . 2011-12-30 00:57 27003 c:\windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP\WiseCustomCall.dll
+ 2011-12-15 09:02 . 2011-07-08 13:49 46080 c:\windows\$NtUninstallKB2633952$\tzchange.exe
+ 2011-12-15 09:02 . 2011-11-08 14:58 16896 c:\windows\$NtUninstallKB2633952$\spuninst\tzchange.dll
+ 2011-12-15 09:00 . 2011-04-26 11:07 33280 c:\windows\$NtUninstallKB2620712$\csrsrv.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2639417\update\spcustom.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2639417\spmsg.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll
+ 2011-12-14 23:09 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2633171\spmsg.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2624667\update\spcustom.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2624667\spmsg.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2620712\update\spcustom.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2620712\spmsg.dll
+ 2011-10-28 05:31 . 2011-10-28 05:31 33280 c:\windows\$hf_mig$\KB2620712\SP3QFE\csrsrv.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2619339\update\spcustom.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2619339\spmsg.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618451\update\spcustom.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618451\spmsg.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618444-IE8\update\spcustom.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618444-IE8\spmsg.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 12800 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\xpshims.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 66560 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtmled.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 55296 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeedsbs.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 43520 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\licmgr10.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 25600 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\jsproxy.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-16 07:43 . 2011-10-16 07:43 4212 c:\windows\system32\zllictbl.dat
+ 2011-10-16 07:43 . 2012-01-07 02:19 4212 c:\windows\system32\zllictbl.dat
+ 2012-02-03 01:01 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2011-12-25 18:29 . 2001-08-18 04:36 5632 c:\windows\system32\ptpusb.dll
+ 2012-02-05 21:58 . 2012-02-05 22:29 1598 c:\windows\SoftwareDistribution\EventCache\{EF36D080-8C09-48B4-A986-49E8E0CD650B}.bin
+ 2012-02-03 02:38 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-19 04:04 . 2011-10-19 04:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 141824 c:\windows\system32\ZoneLabs\zlupdate.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 141824 c:\windows\system32\ZoneLabs\zlupdate.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 173056 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 173056 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2012-01-07 02:17 . 2011-03-18 07:24 211456 c:\windows\system32\ZoneLabs\vsdb.dll
- 2011-10-16 07:42 . 2011-03-18 06:24 211456 c:\windows\system32\ZoneLabs\vsdb.dll
- 2011-10-16 07:43 . 2007-10-11 21:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2012-01-07 02:19 . 2007-10-11 22:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 434688 c:\windows\system32\ZoneLabs\ssleay32.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 434688 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 135680 c:\windows\system32\ZoneLabs\scheduler.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 135680 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2012-01-07 02:19 . 2009-07-14 05:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll
- 2011-10-16 07:43 . 2009-07-14 04:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 126976 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 126976 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 280064 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 280064 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:25 225792 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 225792 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 368640 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 368640 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 184832 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 184832 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 375296 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 375296 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2012-01-07 02:17 . 2010-02-08 14:41 595432 c:\windows\system32\ZoneLabs\icslta.dll
- 2011-10-16 07:42 . 2010-02-08 13:41 595432 c:\windows\system32\ZoneLabs\icslta.dll
- 2011-10-16 07:44 . 2010-11-08 23:58 284136 c:\windows\system32\ZoneLabs\ffapi.dll
+ 2012-01-07 02:20 . 2010-11-09 00:58 284136 c:\windows\system32\ZoneLabs\ffapi.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 169984 c:\windows\system32\ZoneLabs\fbl.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 169984 c:\windows\system32\ZoneLabs\fbl.dll
- 2011-10-16 07:43 . 2008-03-17 21:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2012-01-07 02:19 . 2008-03-17 22:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 104448 c:\windows\system32\zlcommdb.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 104448 c:\windows\system32\zlcommdb.dll
+ 2009-01-07 23:21 . 2009-01-08 00:21 121856 c:\windows\system32\xmllite.dll
- 2009-01-07 23:21 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2002-06-25 19:33 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2002-06-25 19:33 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2002-03-05 13:56 . 2011-11-04 19:20 916992 c:\windows\system32\wininet.dll
+ 2012-02-03 01:01 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2012-01-07 02:19 . 2011-03-18 07:24 110080 c:\windows\system32\vsxml.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 110080 c:\windows\system32\vsxml.dll
+ 2012-01-07 02:17 . 2011-03-18 07:24 715264 c:\windows\system32\vsutil.dll
- 2011-10-16 07:42 . 2011-03-18 06:24 715264 c:\windows\system32\vsutil.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 302592 c:\windows\system32\vspubapi.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 302592 c:\windows\system32\vspubapi.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 108032 c:\windows\system32\vsmonapi.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 108032 c:\windows\system32\vsmonapi.dll
- 2011-10-16 07:42 . 2011-03-18 06:24 228864 c:\windows\system32\vsinit.dll
+ 2012-01-07 02:17 . 2011-03-18 07:24 228864 c:\windows\system32\vsinit.dll
- 2011-10-16 07:43 . 2010-05-13 15:02 532224 c:\windows\system32\vsdatant.sys
+ 2012-01-07 02:19 . 2010-05-13 16:02 532224 c:\windows\system32\vsdatant.sys
+ 2012-01-07 02:17 . 2011-03-18 07:24 112128 c:\windows\system32\vsdata.dll
- 2011-10-16 07:42 . 2011-03-18 06:24 112128 c:\windows\system32\vsdata.dll
- 2002-03-05 23:15 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2002-03-05 23:15 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2011-10-16 07:53 . 2009-02-27 09:42 863128 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2011-10-16 07:53 . 2009-02-27 09:42 863128 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2002-06-25 19:22 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2002-06-25 19:22 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2011-12-25 18:29 . 2008-04-14 01:12 159232 c:\windows\system32\ptpusd.dll
+ 2002-06-25 19:21 . 2012-01-11 22:57 435618 c:\windows\system32\perfh009.dat
+ 2002-06-25 19:20 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2002-06-25 19:20 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 770384 c:\windows\system32\msvcr100.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 421200 c:\windows\system32\msvcp100.dll
+ 2002-06-25 19:16 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2002-06-25 19:16 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 265720 c:\windows\system32\msdbg2.dll
+ 2011-11-30 04:04 . 2010-10-19 20:51 222080 c:\windows\system32\MpSigStub.exe
+ 2011-12-30 01:01 . 2011-12-30 01:01 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2011-11-14 13:58 . 2011-11-14 13:58 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-11-14 13:58 . 2011-12-02 22:23 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-11-14 13:58 . 2011-12-02 22:23 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2011-11-14 13:58 . 2011-11-14 13:58 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2012-02-03 00:22 . 2012-02-03 00:22 157472 c:\windows\system32\javaws.exe
+ 2012-02-03 00:22 . 2012-02-03 00:22 149280 c:\windows\system32\javaw.exe
+ 2012-02-03 00:22 . 2012-02-03 00:22 149280 c:\windows\system32\java.exe
+ 2002-06-25 19:08 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2002-06-25 19:08 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
- 2002-06-25 19:08 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
+ 2002-06-25 19:08 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2002-06-25 19:08 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2002-06-25 19:08 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
- 2011-10-12 19:02 . 2011-11-13 21:04 317952 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-12 19:02 . 2011-12-15 09:22 317952 c:\windows\system32\FNTCACHE.DAT
- 2011-10-16 05:55 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2011-10-16 05:55 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
+ 2011-07-11 07:14 . 2011-07-11 07:14 295248 c:\windows\system32\drivers\avgtdix.sys
+ 2011-10-07 12:23 . 2011-10-07 12:23 230608 c:\windows\system32\drivers\avgldx86.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 134608 c:\windows\system32\drivers\AVGIDSDriver.sys
- 2011-04-26 11:07 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-04-26 11:07 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2009-03-08 09:34 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-03-08 09:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2009-03-08 09:34 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2009-03-08 09:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:34 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 09:32 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2011-10-16 06:22 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2011-10-16 06:22 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 09:31 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-10-16 06:22 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 19:09 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 19:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 09:32 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2002-06-25 19:03 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2010-03-18 15:15 . 2010-03-18 15:15 138056 c:\windows\system32\atl100.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\74d54ca.msp
+ 2011-11-30 03:59 . 2011-11-30 03:59 301056 c:\windows\Installer\4b0e0.msi
+ 2012-01-08 09:00 . 2012-01-08 09:00 223744 c:\windows\Installer\2bc045d.msi
+ 2012-02-03 00:23 . 2012-02-03 00:23 203776 c:\windows\Installer\2b30db.msi
+ 2012-02-03 00:22 . 2012-02-03 00:22 901120 c:\windows\Installer\2b30d6.msi
+ 2012-01-07 02:40 . 2012-01-07 02:40 219648 c:\windows\Installer\11e0ad.msi
+ 2012-02-03 01:22 . 2012-02-03 01:22 380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe
+ 2011-12-17 05:07 . 2011-12-17 05:07 897024 c:\windows\Installer\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}\SafariIco.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-02-03 03:36 . 2012-02-03 03:36 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-10-17 02:43 . 2011-10-17 02:43 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-01-14 13:10 . 2011-01-14 13:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2007-06-08 00:51 . 2007-06-08 00:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 20:35 . 2006-10-27 20:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2011-12-15 09:05 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-15 09:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-15 09:05 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-15 09:05 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-02-03 02:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-02-03 02:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2010-02-10 13:24 . 2010-02-10 13:24 284048 c:\windows\Downloaded Program Files\rufsi.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-02-03 02:36 . 2012-02-03 02:36 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb17fceaa5465d6eeb15034a4bea2687\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9963fdc4d47bf168d55ffca06288c0b6\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\43b77700ad8d984224b12472318e02ec\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3062d06077a424dff6997145cad8e9e1\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-12 03:14 . 2012-01-12 03:14 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-12-30 00:57 . 2011-12-30 00:57 130323 c:\windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP\WiseCustomCalla2.exe
+ 2011-12-15 09:05 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2639417$\spuninst\updspapi.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2639417$\spuninst\spuninst.exe
+ 2011-12-15 09:02 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2633952$\spuninst\updspapi.dll
+ 2011-12-15 09:02 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2633952$\spuninst\spuninst.exe
+ 2011-12-15 09:00 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2633171$\spuninst\updspapi.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2633171$\spuninst\spuninst.exe
+ 2011-12-15 09:05 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2624667$\spuninst\updspapi.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2624667$\spuninst\spuninst.exe
+ 2011-12-15 09:00 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2620712$\spuninst\updspapi.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2620712$\spuninst\spuninst.exe
+ 2011-12-15 09:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2619339$\spuninst\updspapi.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2619339$\spuninst\spuninst.exe
+ 2011-12-15 09:01 . 2011-02-09 13:53 186880 c:\windows\$NtUninstallKB2619339$\encdec.dll
+ 2011-12-15 09:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2618451$\spuninst\updspapi.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2618451$\spuninst\spuninst.exe
+ 2011-12-15 09:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2639417\update\updspapi.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2639417\update\update.exe
+ 2011-12-15 09:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2639417\spuninst.exe
+ 2011-12-15 09:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2633171\update\updspapi.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2633171\update\update.exe
+ 2011-12-15 09:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2633171\spuninst.exe
+ 2011-12-15 09:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2624667\update\updspapi.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2624667\update\update.exe
+ 2011-12-15 09:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2624667\spuninst.exe
+ 2011-12-15 09:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2620712\update\updspapi.dll
+ 2011-12-15 09:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2620712\update\update.exe
+ 2011-12-15 09:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2620712\spuninst.exe
+ 2011-12-15 09:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2619339\update\updspapi.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2619339\update\update.exe
+ 2011-12-15 09:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2619339\spuninst.exe
+ 2011-10-18 11:12 . 2011-10-18 11:12 186880 c:\windows\$hf_mig$\KB2619339\SP3QFE\encdec.dll
+ 2011-12-15 09:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618451\update\updspapi.dll
+ 2011-12-15 09:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618451\update\update.exe
+ 2011-12-15 09:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618451\spuninst.exe
+ 2011-12-15 09:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618444-IE8\update\updspapi.dll
+ 2011-12-15 09:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618444-IE8\update\update.exe
+ 2011-12-15 09:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618444-IE8\spuninst.exe
+ 2011-12-14 23:09 . 2011-11-04 19:19 919552 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 105984 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\url.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 206848 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\occache.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 611840 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mstime.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 602112 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeeds.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 247808 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ieproxy.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 184320 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iepeers.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 743424 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iedvtool.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 387584 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iedkcs32.dll
+ 2011-12-14 23:09 . 2011-10-25 12:01 174080 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ie4uinit.exe
+ 2011-04-19 04:51 . 2011-04-19 04:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 1238528 c:\windows\system32\zpeng25.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 1238528 c:\windows\system32\zpeng25.dll
+ 2012-01-07 02:19 . 2011-03-18 07:24 1790464 c:\windows\system32\ZoneLabs\vsruledb.dll
- 2011-10-16 07:43 . 2011-03-18 06:24 1790464 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2012-01-07 02:19 . 2011-03-18 07:26 2435592 c:\windows\system32\ZoneLabs\vsmon.exe
- 2011-10-16 07:43 . 2011-03-18 06:26 2435592 c:\windows\system32\ZoneLabs\vsmon.exe
- 2011-10-16 07:43 . 2011-03-18 06:25 1536512 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2012-01-07 02:19 . 2011-03-18 07:25 1536512 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
- 2002-03-05 23:13 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2002-03-05 23:13 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2002-06-25 19:22 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2002-06-25 19:20 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
+ 2002-06-25 19:19 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
- 2002-06-25 19:19 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
- 2002-06-25 19:19 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2002-06-25 19:19 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2002-03-05 13:54 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2011-12-30 01:01 . 2011-12-30 01:01 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2011-07-07 08:28 . 2011-07-07 08:28 1193320 c:\windows\system32\FM20.DLL
+ 2010-05-02 05:22 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 09:34 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-03-08 09:34 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-11-27 17:11 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2011-10-16 06:08 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2011-10-16 06:08 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-10-16 06:08 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2011-10-16 06:08 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2011-10-16 06:08 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-10-16 06:08 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-08 09:41 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
- 2011-10-16 06:22 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-17 05:22 . 2011-12-17 05:22 1717248 c:\windows\Installer\9606b77.msi
+ 2011-12-17 05:12 . 2011-12-17 05:12 9474048 c:\windows\Installer\9606b61.msi
+ 2011-12-17 05:07 . 2011-12-17 05:07 3470848 c:\windows\Installer\9606b27.msi
+ 2011-12-17 05:03 . 2011-12-17 05:03 1709568 c:\windows\Installer\9606b22.msi
+ 2011-12-17 05:01 . 2011-12-17 05:01 1530368 c:\windows\Installer\9606b1a.msi
+ 2011-07-21 18:34 . 2011-07-21 18:34 3456000 c:\windows\Installer\7a80a1.msp
+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\74d54c3.msp
+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\74d54b9.msp
+ 2011-12-30 00:57 . 2011-12-30 00:57 2620928 c:\windows\Installer\520fff7.msi
+ 2011-12-30 00:56 . 2011-12-30 00:56 8100864 c:\windows\Installer\520fff2.msi
+ 2012-02-03 01:22 . 2012-02-03 01:22 5421056 c:\windows\Installer\4c4854.msi
+ 2012-02-02 19:58 . 2012-02-02 19:58 4698112 c:\windows\Installer\48f1b.msi
+ 2012-02-02 19:55 . 2012-02-02 19:55 2186240 c:\windows\Installer\48f04.msi
+ 2011-09-16 00:40 . 2011-09-16 00:40 7959552 c:\windows\Installer\2c8bed.msp
+ 2011-09-16 00:35 . 2011-09-16 00:35 1411072 c:\windows\Installer\2c89d4.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 4250112 c:\windows\Installer\221f833.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2247168 c:\windows\Installer\221f81b.msp
+ 2011-11-11 22:14 . 2011-11-11 22:14 9096192 c:\windows\Installer\221f805.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 4225536 c:\windows\Installer\221f7ef.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\221f7d4.msp
+ 2011-11-11 22:15 . 2011-11-11 22:15 1795584 c:\windows\Installer\221f7be.msp
+ 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\221f7a8.msp
+ 2012-01-07 02:42 . 2012-01-07 02:42 4683264 c:\windows\Installer\11e0b5.msi
+ 2011-10-16 07:53 . 2012-02-03 03:41 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-16 07:53 . 2012-02-03 03:41 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2011-10-16 07:53 . 2011-10-18 00:19 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-14 13:10 . 2011-01-14 13:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-10-10 04:10 . 2009-10-10 04:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2006-10-27 01:25 . 2006-10-27 01:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-12-15 09:05 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-15 09:05 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-15 09:05 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
- 2011-10-16 06:08 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-16 06:08 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-16 06:08 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2011-10-16 06:08 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2011-10-16 06:08 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-10-16 06:08 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-01-12 03:16 . 2012-01-12 03:16 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-12 03:16 . 2012-01-12 03:16 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-02-03 02:36 . 2012-02-03 02:36 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1a32e7ce68fa086773b235fc8b525476\System.Management.Automation.ni.dll
+ 2012-01-12 03:14 . 2012-01-12 03:14 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-19 03:53 . 2011-10-19 03:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-03 01:01 . 2012-02-03 01:01 1564672 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 22:57 . 2012-01-11 22:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 22:56 . 2012-01-11 22:56 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-19 04:04 . 2011-10-19 04:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-12-30 00:57 . 2011-12-30 00:57 1077248 c:\windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP\WiseCustomCalla.dll
+ 2011-12-15 09:05 . 2011-09-06 13:20 1858944 c:\windows\$NtUninstallKB2639417$\win32k.sys
+ 2011-12-15 09:00 . 2010-12-09 13:42 2148864 c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
+ 2011-12-15 09:00 . 2010-12-09 13:07 2027008 c:\windows\$NtUninstallKB2633171$\ntkrpamp.exe
+ 2011-12-15 09:00 . 2010-12-09 13:07 2027008 c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
+ 2011-12-15 09:00 . 2010-12-09 13:42 2148864 c:\windows\$NtUninstallKB2633171$\ntkrnlmp.exe
+ 2011-12-15 09:05 . 2010-07-16 12:05 1288192 c:\windows\$NtUninstallKB2624667$\ole32.dll
+ 2011-11-23 13:29 . 2011-11-23 13:29 1868544 c:\windows\$hf_mig$\KB2639417\SP3QFE\win32k.sys
+ 2011-10-25 13:34 . 2011-10-25 13:34 2192768 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2027008 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrpamp.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2069376 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
+ 2011-10-25 13:38 . 2011-10-25 13:38 2148864 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlmp.exe
+ 2011-11-01 16:05 . 2011-11-01 16:05 1289216 c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 1214464 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\urlmon.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 5978624 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
+ 2011-12-14 23:09 . 2011-11-04 19:19 2001408 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iertutil.dll
+ 2011-10-16 06:20 . 2012-01-11 22:58 52128560 c:\windows\system32\MRT.exe
- 2009-03-08 09:39 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll
+ 2009-03-08 09:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2011-10-16 06:22 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-10-16 06:22 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-09-16 00:39 . 2011-09-16 00:39 11163136 c:\windows\Installer\2c8be4.msp
+ 2011-09-16 00:38 . 2011-09-16 00:38 10838528 c:\windows\Installer\2c8bd9.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 16691712 c:\windows\Installer\2c89ef.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 34428416 c:\windows\Installer\2c89d5.msp
+ 2011-12-15 09:05 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-12 03:15 . 2012-01-12 03:15 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-11 22:58 . 2012-01-11 22:58 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
+ 2011-11-05 20:19 . 2011-11-05 20:19 11083776 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ieframe.dll
+ 2011-09-16 00:34 . 2011-09-16 00:34 428804608 c:\windows\Installer\2c8bcf.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 9:25 AM 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 9:25 AM 488952]
S1 MpKsl8fe9bb30;MpKsl8fe9bb30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73FF3ED9-1D24-44E3-94B8-BF6F20F2422D}\MpKsl8fe9bb30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73FF3ED9-1D24-44E3-94B8-BF6F20F2422D}\MpKsl8fe9bb30.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/29/2011 6:57 PM 18560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-05 21:33]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-05 21:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-05 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,23,96,d2,ff,80,5c,4c,bf,c4,aa,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,23,96,d2,ff,80,5c,4c,bf,c4,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,23,96,d2,ff,80,5c,4c,bf,c4,aa,\
.
[HKEY_USERS\S-1-5-21-854245398-1965331169-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-02-05 19:25:11
ComboFix-quarantined-files.txt 2012-02-06 01:25
ComboFix2.txt 2011-11-30 00:07
ComboFix3.txt 2011-11-29 12:01
.
Pre-Run: 96,396,500,992 bytes free
Post-Run: 96,657,125,376 bytes free
.
- - End Of File - - 0F52C850946F150DF22158654C9C5A3D


This is the second log.

ComboFix 12-02-05.02 - Administrator 02/05/2012 19:44:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1521 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-05 21:32 . 2012-02-05 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2012-02-03 02:31 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-03 01:21 . 2012-02-03 01:21 -------- d-----w- c:\program files\iPod
2012-02-03 01:21 . 2012-02-03 01:22 -------- d-----w- c:\program files\iTunes
2012-02-03 01:05 . 2012-02-03 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2012-02-03 01:03 . 2008-04-13 19:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-03 01:03 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-03 00:23 . 2012-02-03 00:23 -------- d-----w- c:\program files\Common Files\Java
2012-02-03 00:22 . 2012-02-03 00:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-03 00:22 . 2012-02-03 00:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 00:22 . 2012-02-03 00:22 -------- d-----w- c:\program files\Java
2012-01-29 03:20 . 2012-01-29 03:20 -------- d-----w- C:\$AVG
2012-01-07 02:43 . 2012-01-07 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2012-01-07 02:41 . 2012-02-05 15:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-07 02:41 . 2012-01-31 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-07 02:41 . 2012-01-07 02:41 -------- d-----w- c:\program files\AVG
2012-01-07 02:17 . 2012-01-07 02:17 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 01:01 . 2011-10-16 00:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2002-06-25 19:33 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-06-25 19:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-06-25 19:20 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2011-10-16 05:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-06-25 19:24 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-12 17:18 . 2011-12-30 00:57 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-10-16 08:04 . 2011-10-16 08:04 16409960 ----a-w- c:\program files\spybotsd162.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-06_01.22.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-06 01:44 . 2012-02-06 01:44 16384 c:\windows\temp\Perflib_Perfdata_77c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 9:25 AM 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 9:25 AM 488952]
S1 MpKsl8fe9bb30;MpKsl8fe9bb30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73FF3ED9-1D24-44E3-94B8-BF6F20F2422D}\MpKsl8fe9bb30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73FF3ED9-1D24-44E3-94B8-BF6F20F2422D}\MpKsl8fe9bb30.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/29/2011 6:57 PM 18560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-05 21:33]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-05 21:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-05 19:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,23,96,d2,ff,80,5c,4c,bf,c4,aa,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,23,96,d2,ff,80,5c,4c,bf,c4,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,23,96,d2,ff,80,5c,4c,bf,c4,aa,\
.
[HKEY_USERS\S-1-5-21-854245398-1965331169-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,34,c7,97,ca,5c,eb,4d,96,aa,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1012)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-02-05 19:53:20
ComboFix-quarantined-files.txt 2012-02-06 01:53
ComboFix2.txt 2012-02-06 01:25
ComboFix3.txt 2011-11-30 00:07
ComboFix4.txt 2011-11-29 12:01
.
Pre-Run: 96,582,819,840 bytes free
Post-Run: 96,583,524,352 bytes free
.
- - End Of File - - ABDB622BD86361EAEEE16F26E15D0D65

#6 d_hurst

Posted 13 February 2012 - 06:14 PM

I did run Microsoft Windows Defender and Microsoft Malicious Software Removal Tool and they found nothing at all.

#7 myrti

Posted 13 February 2012 - 06:25 PM

Hi,

The logs are looking rather clean. You said ComboFix was giving off a warning about ZeroAccess; could you try downloading a new copy of ComboFix and let me know if it still warns you?

Have you tried changing passwords to your email accounts to make it impossible for the malware authors to access your email accounts?

Do you know what this is: Pinterest _ Goodies? You should find it in your quick-launch bar. (If not, don't click it; it might be bad.)

regards myrti


#8 d_hurst

Posted 16 February 2012 - 12:52 AM

I'm still getting this.....
Infected with Rootkit.zero Access! inserted on tcp/ip stack after running ComboFix again. It says it is a very serious and hard-to-remove virus. My antivirus recognizes ComboFix as a virus. Maybe this is what's wrong???? I'm getting frustrated, as I'm afraid to use my computer for much anymore. Your site and ComboFix are safe and secure, right?


ComboFix 12-02-15.01 - Administrator 02/15/2012 23:35:05.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1497 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix2.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 05:25 . 2012-02-16 05:25 -------- d-----w- C:\ComboFix2
2012-02-15 06:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 07:35 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A7837C5E-93A5-4A7B-A10F-880373BCC2CE}\mpengine.dll
2012-02-13 01:14 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-13 01:13 . 2012-02-13 01:13 -------- d-----w- c:\program files\Windows Defender
2012-02-13 00:45 . 2012-02-13 01:11 -------- d-----w- c:\program files\Microsoft Windows Defender
2012-02-11 21:16 . 2012-02-11 21:16 -------- d-----w- c:\windows\Sun
2012-02-07 22:43 . 2012-02-07 23:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG
2012-02-05 21:32 . 2012-02-05 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2012-02-03 02:31 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-03 01:21 . 2012-02-03 01:21 -------- d-----w- c:\program files\iPod
2012-02-03 01:21 . 2012-02-03 01:22 -------- d-----w- c:\program files\iTunes
2012-02-03 01:05 . 2012-02-13 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2012-02-03 01:03 . 2008-04-13 19:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-03 01:03 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-03 00:23 . 2012-02-03 00:23 -------- d-----w- c:\program files\Common Files\Java
2012-02-03 00:22 . 2012-02-03 00:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-03 00:22 . 2012-02-03 00:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 00:22 . 2012-02-03 00:22 -------- d-----w- c:\program files\Java
2012-01-29 03:20 . 2012-01-29 03:20 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:10 . 2011-11-30 04:04 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2002-06-25 19:32 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-30 01:01 . 2011-10-16 00:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2002-06-25 19:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-06-25 19:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2002-03-05 13:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 12:22 . 2011-10-16 05:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2002-06-25 19:33 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35 . 2002-06-25 19:20 60416 ----a-w- c:\windows\system32\packager.exe
2011-10-16 08:04 . 2011-10-16 08:04 16409960 ----a-w- c:\program files\spybotsd162.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-06_01.22.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 05:34 . 2012-02-16 05:34 16384 c:\windows\temp\Perflib_Perfdata_6a8.dat
+ 2002-06-25 19:21 . 2012-02-15 09:05 68578 c:\windows\system32\perfc009.dat
- 2002-06-25 19:15 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
+ 2002-06-25 19:15 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
+ 2002-06-25 19:09 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
- 2002-06-25 19:09 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
+ 2011-10-16 06:22 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
- 2011-10-16 06:22 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-03-08 09:31 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 09:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-10-16 06:22 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-10-16 06:22 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 09:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:34 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:33 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 09:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-10-16 07:53 . 2012-02-15 09:01 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-02-15 09:01 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-15 09:06 . 2012-02-15 09:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-15 09:06 . 2012-02-15 09:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-11 22:57 . 2012-01-11 22:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-11 22:56 . 2012-01-11 22:56 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2002-03-05 23:15 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2002-03-05 23:15 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2002-06-25 19:21 . 2012-02-15 09:05 435682 c:\windows\system32\perfh009.dat
- 2002-06-25 19:20 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
+ 2002-06-25 19:20 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
+ 2002-06-25 19:16 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2002-06-25 19:16 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 09:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2002-06-25 19:08 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
+ 2002-06-25 19:08 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
- 2002-06-25 19:08 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2002-06-25 19:08 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
+ 2002-06-25 19:08 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
- 2002-06-25 19:08 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
+ 2011-10-12 19:02 . 2012-02-15 09:21 317952 c:\windows\system32\FNTCACHE.DAT
- 2011-10-12 19:02 . 2011-12-15 09:22 317952 c:\windows\system32\FNTCACHE.DAT
+ 2009-03-08 09:34 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 09:34 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 09:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 09:34 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 09:34 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 09:32 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
- 2011-10-16 06:22 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-10-16 06:22 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-10-16 06:22 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-10-16 06:22 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 09:31 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 09:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-10-16 06:22 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2011-10-16 06:22 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 19:09 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 19:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 09:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 09:32 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-02-15 09:01 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-15 09:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-15 09:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-15 09:01 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-15 09:01 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-15 09:10 . 2012-02-15 09:10 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-15 09:08 . 2012-02-15 09:08 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-15 09:08 . 2012-02-15 09:08 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-15 09:13 . 2012-02-15 09:13 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-15 09:09 . 2012-02-15 09:09 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-15 09:09 . 2012-02-15 09:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-15 09:10 . 2012-02-15 09:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-15 09:07 . 2012-02-15 09:07 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-15 09:10 . 2012-02-15 09:10 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb938a1d399e2cfca2304bdca4fe76dc\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a03adbb7c3084d986da6e22dcce9805f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a25afef0d57ac430ba392595eba639f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\875af0c2a5e8a4bed88232b6f445cfaa\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-15 09:09 . 2012-02-15 09:09 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-11 22:57 . 2012-01-11 22:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-11 22:57 . 2012-01-11 22:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-11 22:57 . 2012-01-11 22:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-01-11 22:57 . 2012-01-11 22:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2002-03-05 23:13 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2002-03-05 23:13 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2002-03-05 13:54 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2010-05-02 05:22 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
- 2009-03-08 09:34 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 09:34 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 09:41 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
- 2011-10-16 06:22 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-16 06:22 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-26 09:39 . 2011-10-26 09:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-10-31 04:54 . 2011-10-31 04:54 2748416 c:\windows\Installer\301aff05.msp
+ 2012-02-03 21:13 . 2012-02-03 21:13 4988928 c:\windows\Installer\301afefe.msp
+ 2012-02-13 01:13 . 2012-02-13 01:13 1155072 c:\windows\Installer\24167c22.msi
+ 2011-10-16 07:53 . 2012-02-15 09:01 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-16 07:53 . 2012-02-15 09:01 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2011-10-16 07:53 . 2012-02-03 03:41 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-15 09:01 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-15 09:06 . 2012-02-15 09:06 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-15 09:08 . 2012-02-15 09:08 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-15 09:06 . 2012-02-15 09:06 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-15 09:08 . 2012-02-15 09:08 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-15 09:13 . 2012-02-15 09:13 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-15 09:13 . 2012-02-15 09:13 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-15 09:13 . 2012-02-15 09:13 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-15 09:09 . 2012-02-15 09:09 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 4950016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\10fdfb918f01ebc41f38a391334146a9\System.Management.Automation.ni.dll
+ 2012-02-15 09:09 . 2012-02-15 09:09 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-15 09:11 . 2012-02-15 09:11 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-15 09:06 . 2012-02-15 09:06 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-11 22:57 . 2012-01-11 22:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-11 22:56 . 2012-01-11 22:56 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 09:05 . 2012-02-15 09:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-16 06:20 . 2012-02-15 09:02 52550552 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-12-18 20:46 11082240 c:\windows\system32\ieframe.dll
+ 2011-10-16 06:22 . 2011-12-18 20:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2012-02-15 09:01 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-15 09:08 . 2012-02-15 09:08 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-15 09:12 . 2012-02-15 09:12 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-15 09:10 . 2012-02-15 09:10 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-15 09:07 . 2012-02-15 09:07 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-15 09:06 . 2012-02-15 09:06 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 9:25 AM 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 9:25 AM 488952]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S1 MpKsl8fe9bb30;MpKsl8fe9bb30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73FF3ED9-1D24-44E3-94B8-BF6F20F2422D}\MpKsl8fe9bb30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73FF3ED9-1D24-44E3-94B8-BF6F20F2422D}\MpKsl8fe9bb30.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/29/2011 6:57 PM 18560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-16 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Administrator Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-02-07 23:20]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-05 21:33]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1965331169-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-05 21:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
AddRemove-HPExtendedCapabilities - c:\program files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe
AddRemove-{24557DC0-0839-496f-82F9-C4EB72EFE4FA} - c:\program files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 23:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-854245398-1965331169-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1008)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-02-15 23:46:03
ComboFix-quarantined-files.txt 2012-02-16 05:45
ComboFix2.txt 2012-02-06 01:53
ComboFix3.txt 2012-02-06 01:25
ComboFix4.txt 2011-11-30 00:07
ComboFix5.txt 2012-02-16 05:27
.
Pre-Run: 96,815,149,056 bytes free
Post-Run: 96,908,963,840 bytes free
.
- - End Of File - - FBC336A67439C7229EC16522AFF89A22

#9 d_hurst

  • Topic Starter

Posted 16 February 2012 - 12:55 AM

So what would I look for in these reports to tell me there is a virus or something bad?

#10 myrti

  • Malware Study Hall Admin

Posted 16 February 2012 - 05:30 AM

Hi,

There's something unusual; I think you may have a new variant that is able to recreate itself.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 d_hurst

Posted 16 February 2012 - 08:49 PM

I have Windows XP Pro, can I use Farbar? It says it was designed for Vista and Windows 7. And what functions will not work anymore in safe mode and normal startup? This isn't going to make changes or wipe anything within my computer?

#12 myrti

Posted 17 February 2012 - 09:55 AM

Hi,

Sorry, I must have missed that. It won't run from the Windows Recovery Console.

Can you please run a new scan with OTL instead and use this custom scan:

netsvcs /all

regards myrti



#13 CatByte

  • Malware Response Team

Posted 23 February 2012 - 11:03 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




