
Author Topic: Malware infection  (Read 26745 times)


ToniCarman

    Topic Starter


    Rookie

    Malware infection
    « on: July 20, 2010, 05:43:57 AM »
    Hi,

    I seem to have picked up malware again :(  Your forum was a great success back a few months ago when this happened.  I tried to follow the repeat steps to fix, but nothing is working as I get a "security warning" message when trying to attempt anything.  I can't get online and also can't get into safe mode.   The only way I can run anything is to save it to my flash drive from my laptop and transfer to my PC and even then I have to copy it to my desktop and restart and then quickly click on it before it has time to boot up and flash the virus messages.


    Suspicious file(s) in my Program list.
    -Antimalware Doctor
    -Uniblue

    I downloaded and ran CCleaner- successfully

    I attempted to download Super Antispyware but it would not install before the malware security messages booted, so I was unsuccessful.

    I downloaded and installed Malwarebytes' but it will not run.

    I didn't move on to HijackThis because it specified, after you run the other programs.

    Is there any way I can continue?

    Thanks in advance for your time and help with this matter!

    Sneakyone

    • Malware Removal Specialist


    • Beginner

      Thanked: 5
      Re: Malware infection
      « Reply #1 on: July 20, 2010, 03:55:30 PM »
      Hi, Welcome back to Computerhope! :)

      Please download and run RKill.

      Download mirror 1 - Download mirror 2 - Download mirror 3

      • Save it to your Desktop.
      • Double click the RKill desktop icon.
      • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
      • Please post its log in your next reply.
      • After it has run successfully, delete RKill.
      Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

      =========

      Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
      • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
      • Under the Custom Scan box paste this in
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
      Note: in the event that OTL fails to run, please use alternate download links to try again:

      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr
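
An added illustration, not part of the original thread and not OTL's own logic: OTL.Txt lists autostart entries as `O4 - <hive>..\Run: [value] path (company)` lines, and the Python below parses that line format and ranks entries for manual review. The three heuristics, the names `Autostart`, `parse_line` and `triage`, and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Target path: drive letter up to the first executable extension that is
# followed by " (", so "Program Files (x86)" inside a path is handled.
# The company string may be empty "()" or contain nested parentheses.
_TARGET = (r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd)) "
           r"\((?P<company>.*)\)\s*$")

# Line shapes as they appear in OTL.Txt: Run values and Startup shortcuts.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] " + _TARGET,
    re.I)
O4_STARTUP = re.compile(
    r"^O4 - Startup: (?P<name>.+?\.lnk) = " + _TARGET, re.I)

# Assumption of this example: directories an unprivileged process can write.
USER_WRITABLE = re.compile(r"\\(?:Application Data|AppData|Temp)\\", re.I)


@dataclass
class Autostart:
    hive: str          # "HKLM", "HKCU" or "Startup"
    name: str          # Run value name, or the .lnk path for Startup items
    path: str          # file that gets launched
    company: str       # company string OTL read from the file's version info
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Autostart for an O4 Run/Startup line, otherwise None."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        return Autostart(m["hive"].upper(), m["name"], m["path"],
                         m["company"].strip())
    m = O4_STARTUP.match(line)
    if m:
        return Autostart("Startup", m["name"], m["path"],
                         m["company"].strip())
    return None


def triage(log_text):
    """Rank autostart entries; more reasons means look at it first.

    These are leads for a human reviewer, not verdicts: legitimate software
    also ships binaries without a company string.
    """
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    seen = Counter(e.path.lower() for e in entries)
    for e in entries:
        if not e.company:
            e.reasons.append("no company name in file version info")
        if USER_WRITABLE.search(e.path):
            e.reasons.append("target is in a user-writable profile/temp directory")
        if seen[e.path.lower()] > 1:
            e.reasons.append("same target registered in more than one autostart location")
    flagged = [e for e in entries if e.reasons]
    return sorted(flagged, key=lambda e: -len(e.reasons))  # stable sort


# Constructed sample in the OTL.Txt line format (not taken from a real machine).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [VendorTray] C:\Program Files\Vendor\Tray\tray.exe (Vendor, Inc.)
O4 - HKLM..\Run: [BurnTool] C:\Program Files\Burner\launcher.exe ()
O4 - HKLM..\Run: [qxzvexample] C:\Documents and Settings\User\Local Settings\Application Data\qxzv\sample1.exe ()
O4 - HKCU..\Run: [qxzvexample] C:\Documents and Settings\User\Local Settings\Application Data\qxzv\sample1.exe ()
O4 - HKCU..\Run: [SAMPLE2] C:\Documents and Settings\User\Local Settings\temp\sample2.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Helper.lnk = C:\Program Files\Vendor (x86)\helper.exe (Vendor (R) Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.1
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"[{len(entry.reasons)}] {entry.hive} {entry.name} -> {entry.path}")
        for reason in entry.reasons:
            print(f"      - {reason}")
```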

      ToniCarman

        Topic Starter


        Rookie

        Re: Malware infection
        « Reply #2 on: July 20, 2010, 04:55:20 PM »
        Thanks so much for helping me with this!

        Here are the log files you requested.

        RKill log:

        This log file is located at C:\rkill.log.
        Please post this only if requested to by the person helping you.
        Otherwise you can close this log when you wish.
        Ran as Toni on 07/20/2010 at 18:30:50.


        Processes terminated by Rkill or while it was running:




        Rkill completed on 07/20/2010  at 18:31:38.




        OTL

        OTL logfile created on: 7/20/2010 6:37:28 PM - Run 1
        OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Toni\Desktop
        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
        Internet Explorer (Version = 7.0.5730.13)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
        4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
        Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
        Drive C: | 232.88 Gb Total Space | 101.11 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
        Drive D: | 227.52 Gb Total Space | 132.90 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
        Drive E: | 5.35 Gb Total Space | 3.41 Gb Free Space | 63.74% Space Free | Partition Type: FAT32
        F: Drive not present or media not loaded
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        I: Drive not present or media not loaded
        Drive L: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
        Drive M: | 1.91 Gb Total Space | 0.76 Gb Free Space | 39.76% Space Free | Partition Type: FAT
         
        Computer Name: TONI-423C633C85
        Current User Name: Toni
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Processes (SafeList) ==========
         
        PRC - [2010/07/20 18:30:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
        PRC - [2010/05/28 14:57:50 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
        PRC - [2010/05/28 14:57:50 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
        PRC - [2010/05/27 06:53:56 | 000,238,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
        PRC - [2010/05/27 06:53:53 | 000,185,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
        PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        PRC - [2010/02/04 12:18:13 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
        PRC - [2010/01/27 06:15:13 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
        PRC - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
        PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
        PRC - [2009/06/23 02:18:52 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        PRC - [2009/05/21 20:14:48 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
        PRC - [2009/05/21 20:14:48 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
        PRC - [2009/03/24 02:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\VxBlockServer.exe
        PRC - [2009/01/28 14:26:18 | 000,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
        PRC - [2009/01/28 14:26:17 | 000,189,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
        PRC - [2009/01/28 14:26:17 | 000,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
        PRC - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
        PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
        PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
        PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
        PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        PRC - [2008/06/24 23:10:30 | 000,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
        PRC - [2008/05/27 02:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
        PRC - [2008/01/12 01:30:46 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
        PRC - [2007/10/18 14:24:46 | 001,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
        PRC - [2007/10/18 14:24:46 | 000,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
        PRC - [2007/10/18 14:24:44 | 000,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
        PRC - [2007/01/31 18:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
        PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
        PRC - [2003/05/15 05:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
         
         
        ========== Modules (SafeList) ==========
         
        MOD - [2010/07/20 18:30:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        MOD - [2009/01/28 14:26:18 | 000,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOEHook.dll
        MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
        MOD - [2008/04/13 20:12:08 | 000,183,808 | ---- | M] () -- C:\WINDOWS\anuyuvasaxoga.dll
        MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
        SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
        SRV - [2010/05/28 14:57:50 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
        SRV - [2010/05/27 06:53:53 | 000,185,680 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
        SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
        SRV - [2010/02/04 12:18:13 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
        SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
        SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
        SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
        SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
        SRV - [2009/05/21 20:14:48 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
        SRV - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
        SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
        SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
        SRV - [2008/06/24 23:10:30 | 000,281,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
        SRV - [2008/01/12 01:30:46 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
        SRV - [2007/10/18 14:24:46 | 001,010,192 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
        SRV - [2007/10/18 14:24:46 | 000,801,296 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
        SRV - [2007/10/18 14:24:44 | 000,145,936 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
        SRV - [2007/01/31 18:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
        SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
        DRV - [2010/06/03 12:35:38 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
        DRV - [2010/06/03 12:35:38 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
        DRV - [2009/11/09 08:28:35 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
        DRV - [2009/11/09 08:28:35 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
        DRV - [2009/11/09 08:28:35 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
        DRV - [2009/11/09 08:28:35 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
        DRV - [2009/09/23 08:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
        DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
        DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
        DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
        DRV - [2008/09/18 03:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
        DRV - [2008/07/26 11:26:54 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
        DRV - [2008/07/26 11:26:42 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
        DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
        DRV - [2008/07/26 11:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
        DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
        DRV - [2008/06/24 23:08:58 | 000,093,712 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
        DRV - [2008/06/24 23:08:56 | 000,066,576 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
        DRV - [2008/06/24 23:08:52 | 000,115,216 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
        DRV - [2008/06/24 23:08:46 | 000,045,584 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
        DRV - [2008/06/24 23:08:42 | 000,134,648 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
        DRV - [2008/06/24 23:08:42 | 000,088,816 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
        DRV - [2008/06/24 23:08:36 | 000,063,504 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
        DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
        DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
        DRV - [2007/07/09 21:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
        DRV - [2007/04/17 01:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
        DRV - [2006/11/27 04:33:54 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
        DRV - [2006/11/27 04:33:50 | 000,058,368 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
         
        ========== FireFox ==========
         
        FF - prefs.js..browser.search.defaultenginename: "Ask"
        FF - prefs.js..browser.search.order.1: "Ask"
        FF - prefs.js..browser.search.selectedEngine: "Ask"
        FF - prefs.js..browser.startup.homepage: "www.google.com"
        FF - prefs.js..extensions.enabledItems: [email protected]:1.0
        FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
        FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5.112
        FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q="
        FF - prefs.js..network.proxy.no_proxies_on: "*.local"
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\{5A4D470B-C9C5-4452-AC72-95292AA9588B}: C:\Documents and Settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B} [2010/07/19 20:37:59 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/12 12:33:15 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/18 12:03:17 | 000,000,000 | ---D | M]
         
        [2009/01/29 11:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toni\Application Data\Mozilla\Extensions
        [2010/07/17 12:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions
        [2010/07/13 12:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        [2010/07/17 10:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\[email protected]
        [2009/10/09 13:45:36 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\searchplugins\ask.xml
        [2010/07/17 12:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
        [2010/07/13 12:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
        [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
        [2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
        [2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
         
        O1 HOSTS File: ([2010/04/16 08:22:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1       localhost
        O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
        O2 - BHO: (moigh Object) - {675B23E3-279D-4AEF-B6F7-5783DA94959C} - C:\WINDOWS\system32\hbfqp.dll ()
        O2 - BHO: (adShotHlpr Object) - {6892BD80-AD3F-4F86-BF67-05DDFC491C6E} - C:\WINDOWS\system32\lbfqp.dll ()
        O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
        O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
        O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
        O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
        O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
        O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
        O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
        O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
        O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
        O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
        O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
        O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
        O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
        O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
        O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
        O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
        O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
        O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
        O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
        O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
        O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\ybfqp.exe ()
        O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
        O4 - HKLM..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
        O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe (CA)
        O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
        O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
        O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\lbfqp.dll ()
        O4 - HKLM..\Run: [Swisen] C:\WINDOWS\anuyuvasaxoga.DLL ()
        O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
        O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
        O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe ()
        O4 - HKCU..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
        O4 - HKCU..\Run: [Usorijaxesab] C:\WINDOWS\dimspstl.DLL (CyberLink Corp.)
        O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
        O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
        O4 - Startup: C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
        O4 - Startup: C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
        O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
        O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
        O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
        O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
        O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
        O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
        O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.79,93.188.166.229
        O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
        O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
        O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
        O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
        O24 - Desktop WallPaper: C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O24 - Desktop BackupWallPaper: C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2009/01/28 09:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
        O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
        O32 - AutoRun File - [2006/05/11 18:13:39 | 000,000,279 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
        O33 - MountPoints2\{74cfcd01-91cf-11df-9f4e-0021970ed2b7}\Shell\AutoRun\command - "" = N:\PMBP_Win.exe -- File not found
        O33 - MountPoints2\{7ca8899c-552f-11de-b777-0021970ed2b7}\Shell - "" = AutoRun
        O33 - MountPoints2\{7ca8899c-552f-11de-b777-0021970ed2b7}\Shell\AutoRun - "" = Auto&Play
        O33 - MountPoints2\{7ca8899c-552f-11de-b777-0021970ed2b7}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2006/04/18 18:33:36 | 000,950,272 | R--- | M] ()
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         
        NetSvcs: 6to4 -  File not found
        NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
        NetSvcs: Ias -  File not found
        NetSvcs: Iprip -  File not found
        NetSvcs: Irmon -  File not found
        NetSvcs: NWCWorkstation -  File not found
        NetSvcs: Nwsapagent -  File not found
        NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
        NetSvcs: WmdmPmSp -  File not found
         
         
        SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        SafeBootMin: Base - Driver Group
        SafeBootMin: Boot Bus Extender - Driver Group
        SafeBootMin: Boot file system - Driver Group
        SafeBootMin: File system - Driver Group
        SafeBootMin: Filter - Driver Group
        SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
        SafeBootMin: PCI Configuration - Driver Group
        SafeBootMin: PEVSystemStart - Service
        SafeBootMin: PNP Filter - Driver Group
        SafeBootMin: Primary disk - Driver Group
        SafeBootMin: procexp90.Sys - Driver
        SafeBootMin: SCSI Class - Driver Group
        SafeBootMin: sermouse.sys - Driver
        SafeBootMin: System Bus Extender - Driver Group
        SafeBootMin: vds - Service
        SafeBootMin: vga.sys - Driver
        SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        SafeBootNet: Base - Driver Group
        SafeBootNet: Boot Bus Extender - Driver Group
        SafeBootNet: Boot file system - Driver Group
        SafeBootNet: File system - Driver Group
        SafeBootNet: Filter - Driver Group
        SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
        SafeBootNet: NDIS Wrapper - Driver Group
        SafeBootNet: NetBIOSGroup - Driver Group
        SafeBootNet: NetDDEGroup - Driver Group
        SafeBootNet: Network - Driver Group
        SafeBootNet: NetworkProvider - Driver Group
        SafeBootNet: PCI Configuration - Driver Group
        SafeBootNet: PEVSystemStart - Service
        SafeBootNet: PNP Filter - Driver Group
        SafeBootNet: PNP_TDI - Driver Group
        SafeBootNet: Primary disk - Driver Group
        SafeBootNet: procexp90.Sys - Driver
        SafeBootNet: SCSI Class - Driver Group
        SafeBootNet: sermouse.sys - Driver
        SafeBootNet: Streams Drivers - Driver Group
        SafeBootNet: System Bus Extender - Driver Group
        SafeBootNet: TDI - Driver Group
        SafeBootNet: vga.sys - Driver
        SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
        SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
        ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
        ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
        ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
        ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
        ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
        ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
        ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
        ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
        ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
        ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
        ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
        ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
        ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
        ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
        ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
        ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
        ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
        ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
        ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
        ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
        ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
        ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
        ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
        ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
        ActiveX: {D94459EA-8CB9-BA5A-C767-15A76912DFBE} - Vector Graphics Rendering (VML)
        ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
        ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
        ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
        ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
         
        Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
        Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
        Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
        Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
        Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
        Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
        Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
        Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
        Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
        Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
         
        CREATERESTOREPOINT
        Restore point Set: OTL Restore Point (68693505068761088)
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2010/07/20 18:36:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        [2010/07/20 07:34:08 | 006,153,376 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Toni\Desktop\mbam-setup-1.46.exe
        [2010/07/20 07:15:38 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Toni\Desktop\SUPERAntiSpyware.exe
        [2010/07/20 07:07:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Toni\Recent
        [2010/07/20 06:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
        [2010/07/20 06:55:50 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Toni\Desktop\ccsetup233.exe
        [2010/07/20 06:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
        [2010/07/20 06:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
        [2010/07/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}
        [2010/07/19 20:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Sky-Banners
        [2010/07/19 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Street-Ads
        [2010/07/19 20:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp
        [2010/07/19 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C
        [2010/07/18 12:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
        [2010/07/18 12:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\OpenCandy
        [2010/07/18 12:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\OpenCandy
        [2010/07/18 12:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
        [2010/07/18 12:02:08 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
        [2010/07/18 12:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
        [2010/07/18 12:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Winamp
        [2010/07/17 11:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\AskToolbar
        [2010/07/16 16:20:01 | 000,322,352 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Toni\Desktop\utorrent.exe
        [2010/07/14 09:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Avery
        [2010/07/14 09:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
        [2010/07/14 09:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avery
        [2010/07/14 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
        [2010/07/14 09:05:41 | 089,582,136 | ---- | C] (Avery Dennison Corporation) -- C:\Program Files\DesignPro5_5_Limited.exe
        [2010/07/14 05:10:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
        [2010/07/12 13:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\My Documents\Resumes
        [2010/07/10 15:45:53 | 000,000,000 | --SD | C] -- C:\ComboFix
        [2010/06/23 16:24:01 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Toni\Desktop\ChromeSetup.exe
        [2 C:\Documents and Settings\Toni\Desktop\*.tmp files -> C:\Documents and Settings\Toni\Desktop\*.tmp -> ]
         
        ========== Files - Modified Within 30 Days ==========
         
        [2010/07/20 18:37:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
        [2010/07/20 18:31:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
        [2010/07/20 18:31:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
        [2010/07/20 18:31:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
        [2010/07/20 18:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
        [2010/07/20 18:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
        [2010/07/20 18:30:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        [2010/07/20 18:29:08 | 000,191,655 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
        [2010/07/20 18:28:46 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\09f7619a.job
        [2010/07/20 18:28:39 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
        [2010/07/20 18:28:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
        [2010/07/20 18:28:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
        [2010/07/20 18:28:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
        [2010/07/20 18:28:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
        [2010/07/20 18:28:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
        [2010/07/20 15:57:42 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Toni\NTUSER.DAT
        [2010/07/20 15:57:34 | 000,227,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
        [2010/07/20 15:57:03 | 000,002,976 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
        [2010/07/20 15:53:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
        [2010/07/20 08:28:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Toni\ntuser.ini
        [2010/07/20 08:01:04 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
        [2010/07/20 07:31:58 | 006,153,376 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Toni\Desktop\mbam-setup-1.46.exe
        [2010/07/20 07:07:12 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Toni\Desktop\SUPERAntiSpyware.exe
        [2010/07/20 06:57:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\CCleaner.lnk
        [2010/07/20 06:53:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vxahaxedakokox.bin
        [2010/07/20 06:48:58 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Toni\Desktop\ccsetup233.exe
        [2010/07/19 20:48:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
        [2010/07/19 20:42:25 | 000,767,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\sofih.sys
        [2010/07/19 20:38:04 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rloqezaxijoyig.dat
        [2010/07/19 20:36:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
        [2010/07/19 20:36:17 | 000,001,174 | ---- | M] () -- C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk
        [2010/07/19 20:36:17 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
        [2010/07/19 20:36:15 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk
        [2010/07/18 12:25:40 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2010/07/18 12:03:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
        [2010/07/18 12:03:56 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
        [2010/07/18 12:03:27 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
        [2010/07/18 12:03:27 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
        [2010/07/17 20:58:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\vso_ts_preview.xml
        [2010/07/16 18:46:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
        [2010/07/16 16:20:13 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
        [2010/07/16 16:20:13 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
        [2010/07/16 16:19:59 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Toni\Desktop\utorrent.exe
        [2010/07/16 00:06:20 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hbfqp.dll
        [2010/07/16 00:06:04 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\lbfqp.dll
        [2010/07/15 11:39:37 | 000,395,984 | ---- | M] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        [2010/07/14 12:27:03 | 004,429,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
        [2010/07/14 09:07:20 | 089,582,136 | ---- | M] (Avery Dennison Corporation) -- C:\Program Files\DesignPro5_5_Limited.exe
        [2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\ybfqp.exe
        [2010/07/11 09:50:16 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
        [2010/07/11 08:39:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
        [2010/07/09 17:17:37 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Adobe PNG Format CS5 Prefs
        [2010/07/09 12:38:18 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Toni\My Documents\~$ni Carman Resume_Sept 2009.doc
        [2010/07/08 10:52:49 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
        [2010/07/08 10:52:48 | 000,551,782 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
        [2010/07/08 10:52:48 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
        [2010/07/04 11:53:29 | 000,002,108 | ---- | M] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\rx_audio.Cache
        [2010/07/02 09:52:35 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.lnk
        [2010/07/01 18:01:59 | 000,120,197 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\mug template.pdf
        [2010/06/29 09:11:54 | 000,204,348 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\tonisigbyruby.png
        [2010/06/23 16:23:53 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Toni\Desktop\ChromeSetup.exe
        [2010/06/23 11:24:23 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job
        [2 C:\Documents and Settings\Toni\Desktop\*.tmp files -> C:\Documents and Settings\Toni\Desktop\*.tmp -> ]
         
        ========== Files Created - No Company Name ==========
         
        [2010/07/20 07:16:04 | 000,002,976 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
        [2010/07/20 06:57:02 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\CCleaner.lnk
        [2010/07/19 20:38:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vxahaxedakokox.bin
        [2010/07/19 20:38:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rloqezaxijoyig.dat
        [2010/07/19 20:36:18 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
        [2010/07/19 20:36:17 | 000,001,174 | ---- | C] () -- C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk
        [2010/07/19 20:36:17 | 000,001,140 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
        [2010/07/19 20:36:10 | 000,001,162 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk
        [2010/07/19 20:36:04 | 000,767,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\sofih.sys
        [2010/07/19 20:36:00 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
        [2010/07/19 20:35:51 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\09f7619a.job
        [2010/07/18 12:03:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
        [2010/07/18 12:03:56 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
        [2010/07/18 12:03:27 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
        [2010/07/18 12:03:27 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
        [2010/07/16 16:20:13 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
        [2010/07/16 16:20:13 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
        [2010/07/16 00:06:20 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hbfqp.dll
        [2010/07/16 00:06:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lbfqp.dll
        [2010/07/14 09:10:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
        [2010/07/13 20:43:22 | 000,040,581 | ---- | C] () -- C:\WINDOWS\System32\ybfqp.exe
        [2010/07/12 11:35:59 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
        [2010/07/10 13:58:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
        [2010/07/10 13:58:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
        [2010/07/10 13:58:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
        [2010/07/09 12:38:18 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Toni\My Documents\~$ni Carman Resume_Sept 2009.doc
        [2010/07/05 17:20:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Adobe PNG Format CS5 Prefs
        [2010/07/04 11:53:14 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\rx_audio.Cache
        [2010/07/02 09:52:35 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.lnk
        [2010/07/01 18:01:58 | 000,120,197 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\mug template.pdf
        [2010/06/29 09:11:54 | 000,204,348 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\tonisigbyruby.png
        [2009/06/04 09:35:32 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
        [2009/02/17 15:39:44 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
        [2009/01/30 01:46:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
        [2009/01/28 14:22:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
        [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
        [2008/02/04 22:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
        [2007/09/27 14:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
        [2007/09/27 14:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
        [2007/09/27 14:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
        [2006/12/15 20:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
        [2006/10/31 02:35:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
        [2006/10/31 02:35:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
        [2006/10/31 02:35:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
        [2006/10/31 02:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
        [2006/10/31 02:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
        [2006/10/31 02:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
        [2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\anuyuvasaxoga.dll
        [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
        [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
         
        ========== Custom Scans ==========
         
         
        < %systemroot%\*. /mp /s >
         
        < %systemroot%\system32\*.dll /lockedfiles >
        [2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
        [2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
        [2010/05/04 13:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
         
        < %systemroot%\system32\*.exe /lockedfiles >
         
        < %systemroot%\Tasks\*.job /lockedfiles >
         
        < %systemroot%\system32\drivers\*.sys /lockedfiles >
         
        < %systemroot%\System32\config\*.sav >
        [2009/01/28 00:52:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
        [2009/01/28 00:52:35 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
        [2009/01/28 00:52:35 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
         
        < %systemroot%\system32\*.sys >
        [2004/08/04 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
        [2004/08/04 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
        [2004/08/04 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
        [2004/08/04 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
        [2004/08/04 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
        [2004/08/04 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
        [2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
        [2004/08/04 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
        [2004/08/04 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
        [2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
        [2004/08/04 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
        [2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
        [2004/08/04 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
        [2004/08/04 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
        [2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
        [2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
        [2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
         
        < %systemroot%\system32\drivers\*.dll >
        [2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
        [2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
        [2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
        [2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
        [2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
        [2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
        [2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
        [2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
        [2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
        [2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
        [2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
        [2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
        [2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
        [2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
        [2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
         
        < %systemroot%\system32\drivers\*.ini >
         
        < %systemroot%\system32\drivers\*.exe >
         
        < %SYSTEMDRIVE%\*.* >
        [2010/07/20 18:28:10 | 000,085,815 | ---- | M] () -- C:\aaw7boot.log
        [2009/01/28 09:08:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
        [2009/01/28 09:04:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
        [2010/04/16 08:09:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
        [2009/01/28 14:24:17 | 000,036,412 | ---- | M] () -- C:\caavsetupLog.txt
        [2010/05/29 08:15:39 | 000,478,789 | ---- | M] () -- C:\caisslog.txt
        [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
        [2010/04/16 08:27:08 | 000,023,340 | ---- | M] () -- C:\ComboFix.txt
        [2009/01/28 09:08:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
        [2009/08/13 19:07:44 | 000,024,152 | ---- | M] () -- C:\debug.log
        [2009/01/28 09:08:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
        [2010/07/10 14:19:48 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
        [2009/01/28 09:08:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
        [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
        [2009/01/28 11:00:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
        [2010/07/20 18:28:11 | 2011,607,040 | -HS- | M] () -- C:\pagefile.sys
        [2010/07/20 18:31:38 | 000,000,317 | ---- | M] () -- C:\rkill.log
        [2009/12/17 23:22:46 | 000,000,015 | --S- | M] () -- C:\testlog.log
        [2010/07/19 20:36:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
         
        < %PROGRAMFILES%\*. >
        [2010/07/10 13:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
        [2010/06/16 15:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
        [2009/01/30 12:45:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
        [2010/07/17 10:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
        [2010/07/14 09:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
        [2009/06/10 15:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
        [2009/03/15 21:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\BookSmart
        [2009/01/28 14:24:22 | 000,00

        Sneakyone

        • Malware Removal Specialist


        • Beginner

          Thanked: 5
          Re: Malware infection
          « Reply #3 on: July 20, 2010, 08:51:54 PM »
          Hi, :)

          Please run OTL.exe.
          • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


            :OTL
            MOD - [2008/04/13 20:12:08 | 000,183,808 | ---- | M] () -- C:\WINDOWS\anuyuvasaxoga.dll
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
            O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\ybfqp.exe ()
            O4 - HKLM..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
            O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\lbfqp.dll ()
            O4 - HKLM..\Run: [Swisen] C:\WINDOWS\anuyuvasaxoga.DLL ()
            O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
            O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe ()
            O4 - HKCU..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
            O4 - HKCU..\Run: [Usorijaxesab] C:\WINDOWS\dimspstl.DLL (CyberLink Corp.)
            O4 - Startup: C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)

            :Files
            C:\WINDOWS\anuyuvasaxoga.dll
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp
            C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C
            C:\WINDOWS\tasks\09f7619a.job
            C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
            C:\WINDOWS\Vxahaxedakokox.bin
            C:\WINDOWS\System32\drivers\sofih.sys
            C:\WINDOWS\Rloqezaxijoyig.dat
            C:\zrpt.xml
            C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk
            C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
            C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk
            C:\Documents and Settings\Toni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            C:\WINDOWS\System32\hbfqp.dll
            C:\WINDOWS\System32\lbfqp.dll
            C:\WINDOWS\System32\ybfqp.exe
            C:\WINDOWS\lsrslt.ini

            :commands
            [emptytemp]
            [resethosts]
            [reboot]



          • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

          • Click the red Run Fix button.
          • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
          • Close OTL.exe
          If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

          Note: If this fix becomes unresponsive please move on to ComboFix.

          =========

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Alternate link: Forospyware.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
          • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          • Click on Yes, to continue scanning for malware.
          • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          ToniCarman

            Topic Starter


            Rookie

            Re: Malware infection
            « Reply #4 on: July 21, 2010, 08:50:24 AM »
            I had to restart the computer before applying fix because it was frozen - not sure exactly why- but I couldn't do anything.  After reboot the malware was back (like you stated it would be)  I reran rkill and then applied fix. 
             
            rkill log - run 2



            This log file is located at C:\rkill.log.
            Please post this only if requested to by the person helping you.
            Otherwise you can close this log when you wish.
            Ran as Toni on 07/21/2010 at  7:13:07.


            Processes terminated by Rkill or while it was running:

            C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe
            C:\Documents and Settings\Toni\Local Settings\temp\3.tmp\nircmdc.rkexe


            Rkill completed on 07/21/2010  at  7:13:37.


            Rkill completed on 07/21/2010  at  7:14:29.

            Then I ran the fix-

            All processes killed
            ========== OTL ==========
            HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
            HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
            HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
            C:\WINDOWS\system32\ybfqp.exe moved successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pijippxx deleted successfully.
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe moved successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
            C:\WINDOWS\system32\lbfqp.dll moved successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Swisen deleted successfully.
            C:\WINDOWS\anuyuvasaxoga.dll moved successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\070700Setup.exe deleted successfully.
            C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe moved successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JDK5SWFMZY deleted successfully.
            C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe moved successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pijippxx deleted successfully.
            File C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe not found.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Usorijaxesab deleted successfully.
            C:\WINDOWS\dimspstl.dll moved successfully.
            C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.
            File C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe not found.
            ========== FILES ==========
            File\Folder C:\WINDOWS\anuyuvasaxoga.dll not found.
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp folder moved successfully.
            C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C folder moved successfully.
            C:\WINDOWS\tasks\09f7619a.job moved successfully.
            C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
            C:\WINDOWS\Vxahaxedakokox.bin moved successfully.
            C:\WINDOWS\System32\drivers\sofih.sys moved successfully.
            C:\WINDOWS\Rloqezaxijoyig.dat moved successfully.
            C:\zrpt.xml moved successfully.
            File\Folder C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
            C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
            C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk moved successfully.
            C:\Documents and Settings\Toni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
            C:\WINDOWS\System32\hbfqp.dll moved successfully.
            File\Folder C:\WINDOWS\System32\lbfqp.dll not found.
            File\Folder C:\WINDOWS\System32\ybfqp.exe not found.
            C:\WINDOWS\lsrslt.ini moved successfully.
            ========== COMMANDS ==========
             
            [EMPTYTEMP]
             
            User: Administrator
            ->Temp folder emptied: 20 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 41620 bytes
             
            User: All Users
             
            User: Default User
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 41620 bytes
             
            User: LocalService
            ->Temp folder emptied: 66016 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
             
            User: NetworkService
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 8304367 bytes
            ->Flash cache emptied: 948 bytes
             
            User: Toni
            ->Temp folder emptied: 12656977 bytes
            ->Temporary Internet Files folder emptied: 180430 bytes
            ->Java cache emptied: 0 bytes
            ->FireFox cache emptied: 35557849 bytes
            ->Google Chrome cache emptied: 412120234 bytes
            ->Flash cache emptied: 3279 bytes


            %systemdrive% .tmp files removed: 0 bytes
            %systemroot% .tmp files removed: 0 bytes
            %systemroot%\System32 .tmp files removed: 0 bytes
            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
            %systemroot%\System32\drivers .tmp files removed: 0 bytes
            Windows Temp folder emptied: 198375 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40721346 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
            RecycleBin emptied: 5479344 bytes
             
            Total Files Cleaned = 492.00 mb
             
            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            OTL by OldTimer - Version 3.2.9.1 log created on 07212010_071812

            Files\Folders moved on Reboot...
            File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

            Registry entries deleted on Reboot...


            I have been attempting to run combo fix for the last 3 hours.  The blue Auto scan box is displayed stating "Scanning for infected files... This typically doesn't take more than 10 minutes. However, scan times for badly infected machines can easily double."

            Should it take this long?  I will continue the scan, but wanted to post an update just in case there is something else I should do.
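The fix log above reports several items as "not found", most of which were already moved by an earlier line of the same run. The following added example (not part of the original posts and not OTL's own code) parses lines copied from that log and separates those repeats from anything genuinely missing or still pending a reboot; the function and status names are illustrative assumptions.

```python
import re
from collections import namedtuple

# Lines copied unmodified from the fix log posted above (a subset).
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
C:\WINDOWS\system32\ybfqp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
C:\WINDOWS\system32\lbfqp.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Swisen deleted successfully.
C:\WINDOWS\anuyuvasaxoga.dll moved successfully.
C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.
File\Folder C:\WINDOWS\anuyuvasaxoga.dll not found.
C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp folder moved successfully.
C:\WINDOWS\System32\drivers\sofih.sys moved successfully.
File\Folder C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
File\Folder C:\WINDOWS\System32\lbfqp.dll not found.
File\Folder C:\WINDOWS\System32\ybfqp.exe not found.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
"""

Entry = namedtuple("Entry", "status target")

# One pattern per line shape seen in the log, most specific first.
PATTERNS = [
    ("reboot_pending",
     re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")),
    ("reg_deleted",
     re.compile(r"^Registry value (.+?) deleted successfully\.$")),
    ("not_found",
     re.compile(r"^(?:File\\Folder |File )?(.+?) not found\.$")),
    ("moved",
     re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
]


def parse_fix_log(text):
    """Turn recognised log lines into Entry(status, target); skip the rest."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append(Entry(status, match.group(1)))
                break
    return entries


def _key(path):
    # Windows paths are case-insensitive: system32 and System32 are one directory.
    return path.lower().rstrip("\\")


def triage(entries):
    """Split 'not found' results into repeats of an earlier move and real gaps."""
    moved = []
    report = {"explained_not_found": [],
              "unexplained_not_found": [],
              "reboot_pending": []}
    for entry in entries:
        key = _key(entry.target)
        if entry.status == "moved":
            moved.append(key)
        elif entry.status == "reboot_pending":
            report["reboot_pending"].append(entry.target)
        elif entry.status == "not_found":
            # Explained if the same path, or a folder containing it,
            # was already moved earlier in this run.
            handled = any(key == m or key.startswith(m + "\\") for m in moved)
            bucket = "explained_not_found" if handled else "unexplained_not_found"
            report[bucket].append(entry.target)
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_fix_log(FIX_LOG)).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Anything left in `unexplained_not_found` or `reboot_pending` is what to re-check in the next scan log.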

            Sneakyone

            • Malware Removal Specialist


            • Beginner

              Thanked: 5
              Re: Malware infection
              « Reply #5 on: July 21, 2010, 11:12:03 AM »
              Hi, :)

              Download the GMER Rootkit Scanner. Unzip it to your Desktop.

              Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

              Double-click gmer.exe. The program will begin to run.

              **Caution**
              These types of scans can produce false positives. Do NOT take any action on any
              "<--- ROOKIT" entries unless advised!

              If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
              • Click NO
              • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
              • Now click the Scan button.
              Once the scan is complete, you may receive another notice about rootkit activity.
              • Click OK.
              • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
              • Save it where you can easily find it, such as your desktop.
              Post the contents of GMER.txt in your next reply.


              ToniCarman

                Topic Starter


                Rookie

                Re: Malware infection
                « Reply #6 on: July 21, 2010, 05:02:25 PM »
                I ran GMER and it scanned forever..  upon clicking OK- no log was displayed.

                There was something that popped up on the screen-  Just-In-Time Bugging (I tried to capture a screenshot to show you but the computer froze up)  This showed up before when running a previous scan but it still let me continue. I wasn't sure what to select for this, so I left it alone.  Microsoft Recovery Console was within the message box.

                After the computer froze I reset the computer and redid the GMER scan.   An error message was displayed that the scan couldn't continue to select OK or Cancel. I selected OK. 

                I tried to do it again, but nothing was displayed upon selecting the GMER.exe icon.

                Not sure how to proceed.

                Sneakyone

                • Malware Removal Specialist


                • Beginner

                  Thanked: 5
                  Re: Malware infection
                  « Reply #7 on: July 21, 2010, 05:30:05 PM »
                  Hi, :)

                  To disable CD Emulation programs using DeFogger please perform these steps:
                  • Please download DeFogger to your desktop.
                  • Once downloaded, double-click on the DeFogger icon to start the tool.
                  • The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
                  • When it prompts you whether or not you want to continue, please click on the Yes button to continue
                  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
                  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
                  =================

                  Now, please try running ComboFix again, please tell me how this process goes.

                  ToniCarman

                    Topic Starter


                    Rookie

                    Re: Malware infection
                    « Reply #8 on: July 21, 2010, 06:20:28 PM »
                    Did the DeFogger successfully. Reran Combo Fix and it went through all beginning prompts and we are at the same screen (for 20 mins and no change)- "Scanning for infected files...this typically doesn't take more than 10 mins. However, scan times for badly infected machines may easily double".  Last time it did this for 5 hours and no change.


                    Sneakyone

                    • Malware Removal Specialist


                    • Beginner

                      Thanked: 5
                      Re: Malware infection
                      « Reply #9 on: July 21, 2010, 06:28:16 PM »
                      Hmm, odd.

                      Download Bootkit Remover to your Desktop.
                      • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
                      • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
                      • It will show a Black screen with some data on it.
                      • Right click on the screen and click Select All.
                      • Press CTRL C
                      • Open a Notepad and press CTRL V
                      • Post the output back here.

                      ToniCarman

                        Topic Starter


                        Rookie

                        Re: Malware infection
                        « Reply #10 on: July 21, 2010, 06:41:27 PM »
                        Bootkit Remover Output:

                        Bootkit Remover version 1.0.0.1
                        (c) 2009 eSage Lab
                        www.esagelab.com

                        \\.\C: -> \\.\PhysicalDrive0
                        MD5: 6def5ffcbcdbdb4082f1015625e597bd
                        \\.\D: -> \\.\PhysicalDrive1
                        MD5: 35c61e6d485a3163078db7b3aca68eea
                        \\.\E: -> \\.\PhysicalDrive1

                             Size  Device Name          MBR Status
                         --------------------------------------------
                           232 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
                           232 GB  \\.\PhysicalDrive1   Unknown boot code

                        Unknown boot code has been found on some of your physical disks.
                        To inspect the boot code manually, dump the master boot sector:
                        remover.exe dump <device_name> [output_file]
                        To disinfect the master boot sector, use the following command:
                        remover.exe fix <device_name>


                        Press any key to quit...
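The Bootkit Remover output above offers to dump the master boot sector for manual inspection. As an added example (not from the thread or from either tool's authors), this script checks the structure of a 512-byte dump and compares a SHA-256 digest of its boot-code area against a baseline supplied by the analyst; the sample sector is constructed filler rather than real boot code, and all names are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bootstrap code area on Windows-style MBRs
PART_TABLE_OFF = 446      # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # boot signature at offsets 510-511


def parse_partitions(sector):
    """Decode the four partition table slots, skipping unused ones."""
    parts = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and count == 0:
            continue
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return parts


def inspect_mbr(sector, baseline_sha256=None):
    """Return the boot-code digest, partition list and structural findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    digest = hashlib.sha256(boot_code).hexdigest()
    parts = parse_partitions(sector)

    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("bad_signature")
    if not any(boot_code):
        findings.append("boot_code_blank")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid_status_byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("multiple_active")
    if baseline_sha256 is not None and digest != baseline_sha256.lower():
        findings.append("boot_code_mismatch")
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


def build_sample_mbr():
    """Constructed sector: filler boot code plus one active type-0x07 partition."""
    boot = bytes((i * 7 + 3) % 256 for i in range(BOOT_CODE_LEN))
    disk_sig = b"\x00" * 6                      # disk signature + reserved bytes
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000)
    table = entry + b"\x00" * 48                # three unused slots
    return boot + disk_sig + table + SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = inspect_mbr(clean)["boot_code_sha256"]
    changed = bytearray(clean)
    changed[10] ^= 0xFF                         # simulate altered boot code
    print(inspect_mbr(clean, baseline)["findings"])
    print(inspect_mbr(bytes(changed), baseline)["findings"])
```

The baseline digest should come from a dump taken on a known-clean system with the same Windows version.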


                        Sneakyone

                        • Malware Removal Specialist


                        • Beginner

                          Thanked: 5
                          Re: Malware infection
                          « Reply #11 on: July 21, 2010, 06:45:16 PM »
                          Hi, :)

                          Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
                          @ECHO OFF
                          START remover.exe fix \\.\PhysicalDrive1
                          EXIT
                          Save this as fix.bat. Choose to "Save type as - All Files"
                          It should look like this:
                          Double click on fix.bat & allow it to run

                          Post back to tell me what it says

                          ToniCarman

                            Topic Starter


                            Rookie

                            Re: Malware infection
                            « Reply #12 on: July 21, 2010, 06:53:24 PM »
                            Begins running and a message is displayed to reboot.

                            I rebooted.  Opened fine.  Any next steps?

                            Sneakyone

                            • Malware Removal Specialist


                            • Beginner

                              Thanked: 5
                              Re: Malware infection
                              « Reply #13 on: July 21, 2010, 07:34:32 PM »
                              Hi, :)

                              Please run it again as you did the first time, so I can make sure it is gone.

                              ToniCarman

                                Topic Starter


                                Rookie

                                Re: Malware infection
                                « Reply #14 on: July 21, 2010, 07:50:29 PM »
                                reran:

                                Bootkit Remover version 1.0.0.1
                                <c> 2009 eSage Lab
                                www.esagelab.com

                                Restoring boot code at \\.\PhysicalDrive1...
                                OK

                                Press any key to quit...

                                Sneakyone

                                • Malware Removal Specialist


                                • Beginner

                                  Thanked: 5
                                  Re: Malware infection
                                  « Reply #15 on: July 21, 2010, 09:58:33 PM »
                                  Hi, :)

                                  Download MBRCheck to your desktop.
                                  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
                                  • It will show a black screen with some data on it.
                                  • A report called MBRcheckxxxx.txt will be on your desktop
                                  • Open this report and post its content in your next reply.

                                  ToniCarman

                                    Topic Starter


                                    Rookie

                                    Re: Malware infection
                                    « Reply #16 on: July 21, 2010, 11:44:59 PM »
                                    MBRCheck, version 1.1.1
                                    <c> 2010, AD

                                    \\.\C: -->  \\.\PhysicalDrive0
                                    \\.\D: -->  \\.\PhysicalDrive1
                                    \\.\E: -->  \\.\PhysicalDrive1

                                    Size                   Device Name               MBR Status
                                    ----------------------------------------------------------------------
                                    232 GB              \\.\PhysicalDrive0        MBR Code Faked!
                                    232 GB              \\.\PhysicalDrive1        Windows XP MBR code detected

                                    Found non-standard for infected MBR
                                    Enter 'Y' and hit enter for more options, or 'N' to exit:  y

                                    Options:
                                    [1] Dump the MBR of a physical disk to file.
                                    [2] Restore the MBR of a physical disk with a standard boot code
                                    [3] Exit

                                    Enter your choice:


                                    Sneakyone

                                    • Malware Removal Specialist


                                    • Beginner

                                      Thanked: 5
                                      Re: Malware infection
                                      « Reply #17 on: July 21, 2010, 11:48:58 PM »
                                      Hi, :)

                                      Run MBRCheck.exe
                                      • Run MBRCheck.exe
                                      • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
                                      • Please push the 'Y' key and then press Enter
                                      • When the program asks you "Enter your choice:", enter 2 and press the Enter key
                                      • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
                                      • Enter 0 and press the Enter key.
                                      • The program will show Available MBR codes:, followed by a list of operating systems.  Please enter 1 for Windows XP, and then press Enter.
                                      • When asked Do you want to fix the MBR code? type in YES and press enter
                                      • Restart your PC.

                                      ToniCarman

                                        Topic Starter


                                        Rookie

                                        Re: Malware infection
                                        « Reply #18 on: July 21, 2010, 11:52:50 PM »
                                        ok, restarted



                                        Sneakyone

                                        • Malware Removal Specialist


                                        • Beginner

                                          Thanked: 5
                                          Re: Malware infection
                                          « Reply #19 on: July 21, 2010, 11:54:04 PM »
                                          Hi, :)

                                          Could you please run MBRCheck again and post the log here, to be sure it is gone.

                                          ToniCarman

                                            Topic Starter


                                            Rookie

                                            Re: Malware infection
                                            « Reply #20 on: July 21, 2010, 11:55:19 PM »
                                            MBRCheck, version 1.1.1
                                            <c> 2010, AD

                                            \\.\C: -->  \\.\PhysicalDrive0
                                            \\.\D: -->  \\.\PhysicalDrive1
                                            \\.\E: -->  \\.\PhysicalDrive1

                                            Size                   Device Name               MBR Status
                                            ----------------------------------------------------------------------
                                            232 GB              \\.\PhysicalDrive0        Windows XP MBR code detected
                                            232 GB              \\.\PhysicalDrive1        Windows XP MBR code detected

                                            Done! Press ENTER to exit....
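The before/after comparison that replies #16 to #20 carry out by eye, as an added example that is not part of the original thread and is not MBRCheck's own code. The function names are hypothetical, the two logs are copied from the posts above, and a disk is treated as clean only when its status equals "Windows XP MBR code detected", the one clean status this thread shows (an assumption to adjust for other machines).

```python
import re

# Logs copied from replies #16 and #20 of this thread (interactive menu omitted).
LOG_BEFORE = r"""MBRCheck, version 1.1.1
<c> 2010, AD

\\.\C: -->  \\.\PhysicalDrive0
\\.\D: -->  \\.\PhysicalDrive1
\\.\E: -->  \\.\PhysicalDrive1

Size                   Device Name               MBR Status
----------------------------------------------------------------------
232 GB              \\.\PhysicalDrive0        MBR Code Faked!
232 GB              \\.\PhysicalDrive1        Windows XP MBR code detected

Found non-standard for infected MBR
"""

LOG_AFTER = r"""MBRCheck, version 1.1.1
<c> 2010, AD

\\.\C: -->  \\.\PhysicalDrive0
\\.\D: -->  \\.\PhysicalDrive1
\\.\E: -->  \\.\PhysicalDrive1

Size                   Device Name               MBR Status
----------------------------------------------------------------------
232 GB              \\.\PhysicalDrive0        Windows XP MBR code detected
232 GB              \\.\PhysicalDrive1        Windows XP MBR code detected

Done! Press ENTER to exit....
"""

# "\\.\C: -->  \\.\PhysicalDrive0" : volume letter to physical disk mapping
VOLUME_RE = re.compile(
    r"^\s*\\\\\.\\([A-Za-z]):\s*-->\s*\\\\\.\\(PhysicalDrive\d+)\s*$")
# "232 GB   \\.\PhysicalDrive0   <status text>" : one row of the status table
DISK_RE = re.compile(
    r"^\s*(\d+\s*[KMGT]B)\s+\\\\\.\\(PhysicalDrive\d+)\s+(\S.*?)\s*$")

# Assumption: the baseline for this XP machine. Anything else gets flagged.
EXPECTED_STATUSES = frozenset({"Windows XP MBR code detected"})


def parse_mbrcheck(log):
    """Return {disk: {"size", "status", "volumes"}} from an MBRCheck log."""
    volumes, disks = {}, {}
    for line in log.splitlines():
        m = VOLUME_RE.match(line)
        if m:
            volumes.setdefault(m.group(2), []).append(m.group(1).upper() + ":")
            continue
        m = DISK_RE.match(line)
        if m:
            disks[m.group(2)] = {"size": m.group(1), "status": m.group(3)}
    for disk, info in disks.items():
        info["volumes"] = volumes.get(disk, [])
    return disks


def flagged(disks, expected=EXPECTED_STATUSES):
    """Disks whose reported MBR status is not on the expected allowlist."""
    return {d: i for d, i in disks.items() if i["status"] not in expected}


def verify_remediation(before_log, after_log, expected=EXPECTED_STATUSES):
    """Compare two runs and say what happened to each disk flagged earlier."""
    before = parse_mbrcheck(before_log)
    after = parse_mbrcheck(after_log)
    bad_before = flagged(before, expected)
    bad_after = flagged(after, expected)
    return {
        # flagged before, present and clean in the second run
        "fixed": sorted(d for d in bad_before
                        if d in after and d not in bad_after),
        # flagged in both runs: the boot code rewrite did not stick
        "still_flagged": sorted(d for d in bad_before if d in bad_after),
        # flagged before but absent from the second log: nothing is proven
        "not_rechecked": sorted(d for d in bad_before if d not in after),
        # clean or absent before, flagged now
        "newly_flagged": sorted(d for d in bad_after if d not in bad_before),
    }


if __name__ == "__main__":
    for disk, info in flagged(parse_mbrcheck(LOG_BEFORE)).items():
        print(disk, info["volumes"], "->", info["status"])
    print(verify_remediation(LOG_BEFORE, LOG_AFTER))
```

A disk listed under "not_rechecked" was flagged earlier but does not appear in the second log, so the second run says nothing about it.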

                                            Sneakyone

                                            • Malware Removal Specialist


                                            • Beginner

                                              Thanked: 5
                                              Re: Malware infection
                                              « Reply #21 on: July 21, 2010, 11:59:49 PM »
                                              Hi, :)

                                              Please download ComboFix from BleepingComputer.com

                                              Alternate link: GeeksToGo.com

                                              Alternate link: Forospyware.com

                                              Rename ComboFix.exe to commy.exe before you save it to your Desktop
                                              • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                                              • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
                                              • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                                              • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                                              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                                              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                                              • Click on Yes, to continue scanning for malware.
                                              • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                                              ToniCarman

                                                Topic Starter


                                                Rookie

                                                Re: Malware infection
                                                « Reply #22 on: July 22, 2010, 12:21:02 AM »
                                                Yay! It ran!

                                                Then automatically rebooted.

                                                Combofix log:

                                                ComboFix 10-07-21.02 - Toni 07/22/2010   2:11.4.2 - x86
                                                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1181 [GMT -4:00]
                                                Running from: c:\documents and settings\Toni\desktop\commy.exe
                                                Command switches used :: /stepdel
                                                AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
                                                FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
                                                .

                                                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                                .

                                                c:\documents and settings\Toni\Application Data\Sky-Banners
                                                c:\documents and settings\Toni\Application Data\Street-Ads
                                                c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}
                                                c:\documents and settings\Toni\Start Menu\Programs\Antimalware Doctor
                                                c:\windows\$NtUninstallMTF1011$
                                                c:\windows\TEMP\logishrd\LVPrcInj01.dll
                                                c:\documents and settings\Toni\Application Data\09f7619a.exe
                                                c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\chrome.manifest
                                                c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\chrome\content\_cfg.js
                                                c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\chrome\content\overlay.xul
                                                c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\install.rdf
                                                c:\documents and settings\Toni\Start Menu\Antimalware Doctor.lnk
                                                c:\documents and settings\Toni\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
                                                c:\documents and settings\Toni\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
                                                c:\windows\$NtUninstallMTF1011$\apUninstall.exe
                                                c:\windows\$NtUninstallMTF1011$\zrpt.xml
                                                c:\windows\system32\ernel32.dll

                                                .
                                                (((((((((((((((((((((((((   Files Created from 2010-06-22 to 2010-07-22  )))))))))))))))))))))))))))))))
                                                .

                                                2010-07-21 13:54 . 2010-07-21 14:49   --------   d-----w-   C:\commy21098c
                                                2010-07-21 11:25 . 2010-07-21 12:14   --------   d-----w-   C:\commy
                                                2010-07-21 11:18 . 2010-07-21 11:18   --------   d-----w-   C:\_OTL
                                                2010-07-20 10:57 . 2010-07-20 10:57   --------   d-----w-   c:\program files\CCleaner
                                                2010-07-18 16:03 . 2010-07-18 16:03   --------   d-----w-   c:\program files\Uniblue
                                                2010-07-18 16:03 . 2010-07-18 16:03   4057620   ----a-w-   c:\documents and settings\Toni\Application Data\OpenCandy\OpenCandy_DC2CFC93B76549EA900F7868E1DEF338\registrybooster1-Wrapped.exe
                                                2010-07-18 16:03 . 2010-07-18 16:06   --------   d-----w-   c:\documents and settings\Toni\Local Settings\Application Data\OpenCandy
                                                2010-07-18 16:03 . 2010-07-18 16:03   331304   ----a-w-   c:\documents and settings\Toni\Application Data\OpenCandy\OpenCandy_DC2CFC93B76549EA900F7868E1DEF338\DLMgr_3_1.6.44.exe
                                                2010-07-18 16:03 . 2010-07-18 16:03   --------   d-----w-   c:\documents and settings\Toni\Application Data\OpenCandy
                                                2010-07-18 16:03 . 2010-07-18 16:03   --------   d-----w-   c:\program files\Winamp Detect
                                                2010-07-18 16:01 . 2010-07-18 16:51   --------   d-----w-   c:\documents and settings\Toni\Application Data\Winamp
                                                2010-07-18 16:01 . 2010-07-18 16:03   --------   d-----w-   c:\program files\Winamp
                                                2010-07-17 15:37 . 2010-07-21 16:00   --------   d-----w-   c:\documents and settings\Toni\Local Settings\Application Data\AskToolbar
                                                2010-07-15 16:36 . 2010-07-15 16:36   2944904   ----a-w-   c:\documents and settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\[email protected]\chrome\temp\askToolbar.exe
                                                2010-07-14 13:39 . 2010-07-14 13:39   --------   d-----w-   c:\documents and settings\Toni\Application Data\Avery
                                                2010-07-14 13:24 . 2010-07-14 13:24   --------   d-----w-   c:\program files\Avery Dennison
                                                2010-07-14 13:24 . 2010-07-14 13:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avery
                                                2010-07-14 13:10 . 2010-07-17 14:02   --------   d-----w-   c:\program files\Ask.com
                                                2010-07-14 13:05 . 2010-07-14 13:07   89582136   ----a-w-   c:\program files\DesignPro5_5_Limited.exe
                                                2010-07-14 09:10 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
                                                2010-07-12 15:35 . 2010-07-12 15:35   2272   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                                                2010-07-10 14:39 . 2010-07-10 14:39   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes

                                                .
                                                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                2010-07-22 06:17 . 2009-02-17 19:40   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
                                                2010-07-22 06:17 . 2009-02-17 19:38   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k7
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k6
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k5
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k4
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k3
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k2
                                                2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k1
                                                2010-07-22 06:16 . 2009-01-28 19:20   227220   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k0
                                                2010-07-22 05:55 . 2010-04-09 13:47   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
                                                2010-07-20 19:53 . 2010-03-10 14:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                                2010-07-18 00:58 . 2009-08-13 23:13   --------   d-----w-   c:\documents and settings\Toni\Application Data\Vso
                                                2010-07-16 20:20 . 2010-03-22 17:58   --------   d-----w-   c:\program files\uTorrent
                                                2010-07-15 15:39 . 2009-01-30 16:19   395984   ----a-w-   c:\documents and settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                                                2010-07-14 13:33 . 2009-01-28 14:38   --------   d--h--w-   c:\program files\InstallShield Installation Information
                                                2010-07-10 23:55 . 2010-02-11 12:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Roxio
                                                2010-06-25 18:51 . 2009-02-04 05:06   --------   d-----w-   c:\documents and settings\Toni\Application Data\ZoomBrowser EX
                                                2010-06-25 18:50 . 2009-01-31 18:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
                                                2010-06-19 16:23 . 2009-02-03 02:26   --------   d-----w-   c:\documents and settings\Toni\Application Data\AdobeUM
                                                2010-06-17 15:46 . 2010-06-16 20:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
                                                2010-06-16 20:25 . 2009-01-30 07:02   --------   d-----w-   c:\program files\Common Files\Adobe
                                                2010-06-16 19:40 . 2010-06-16 19:40   --------   d-----w-   c:\program files\Adobe Media Player
                                                2010-06-16 19:39 . 2010-06-16 19:39   10134   ----a-r-   c:\documents and settings\Toni\Application Data\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
                                                2010-06-16 19:39 . 2010-06-16 19:39   --------   d-----w-   c:\program files\My Company Name
                                                2010-06-16 19:34 . 2010-06-16 19:34   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                                                2010-06-16 16:18 . 2009-02-26 02:14   --------   d-----w-   c:\documents and settings\Toni\Application Data\Move Networks
                                                2010-06-14 19:58 . 2010-06-14 19:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\vsosdk
                                                2010-06-14 14:31 . 2009-01-28 13:06   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
                                                2010-06-13 18:14 . 2010-06-13 18:06   --------   d-----w-   c:\program files\PeerGuardian2
                                                2010-06-07 00:19 . 2010-05-04 17:20   --------   d-----w-   c:\program files\Microsoft Silverlight
                                                2010-06-03 16:35 . 2009-07-09 01:42   1561896   ----a-w-   c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
                                                2010-06-03 16:35 . 2009-01-28 18:24   746216   ----a-w-   c:\windows\system32\drivers\vetefile.sys
                                                2010-06-03 16:35 . 2009-01-28 18:24   130280   ----a-w-   c:\windows\system32\drivers\veteboot.sys
                                                2010-05-28 18:57 . 2009-01-28 18:24   91472   ----a-w-   c:\windows\system32\isafprod.dll
                                                2010-05-04 17:20 . 2004-08-04 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                                                2010-05-04 17:20 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                                2010-05-04 17:20 . 2004-08-04 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                                                2010-05-02 05:22 . 2004-08-04 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
                                                2010-04-29 19:39 . 2010-03-10 14:04   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                                2010-04-29 19:39 . 2010-03-10 14:04   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                                2010-02-02 17:02 . 2010-02-02 17:02   1438976   ----a-w-   c:\program files\MoveMediaPlayerWin_071505000011.exe
                                                2010-02-01 01:43 . 2010-02-01 01:43   2107456   ----a-w-   c:\program files\Install_Facebook_Plug-In_1.0.1.exe
                                                2010-01-31 12:26 . 2010-01-31 12:26   1533702   ----a-w-   c:\program files\gburner27.exe
                                                2009-08-13 23:06 . 2009-08-13 23:05   7741336   ----a-w-   c:\program files\DivX521XP2K_1.exe
                                                2009-08-13 22:54 . 2009-08-13 22:53   4526458   ----a-w-   c:\program files\WinAVI_Video_Converter.exe
                                                2009-06-16 21:38 . 2009-06-16 21:38   2144584   ----a-w-   c:\program files\InstallFirefoxPluginV3.exe
                                                2009-06-12 22:34 . 2009-06-12 22:30   24527365   ----a-w-   c:\program files\FreeVideoConverter.exe
                                                2009-03-05 21:24 . 2009-03-05 21:24   4909440   ----a-w-   c:\program files\Silverlight.2.0.exe
                                                .

                                                (((((((((((((((((((((((((((((   SnapShot@2010-04-15_11.57.58   )))))))))))))))))))))))))))))))))))))))))
                                                .
                                                + 2009-06-26 23:10 . 2009-06-26 23:10   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90u.dll
                                                + 2009-06-26 23:10 . 2009-06-26 23:10   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
                                                + 2009-07-12 00:32 . 2009-07-12 00:32   40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
                                                + 2009-07-12 05:07 . 2009-07-12 05:07   57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
                                                + 2009-07-12 05:19 . 2009-07-12 05:19   69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
                                                + 2009-07-11 23:41 . 2009-07-11 23:41   97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
                                                + 2010-07-22 06:17 . 2010-07-22 06:17   16384              c:\windows\temp\Perflib_Perfdata_4e8.dat
                                                - 2008-04-14 00:12 . 2010-01-23 08:11   46080              c:\windows\system32\tzchange.exe
                                                + 2008-04-14 00:12 . 2010-04-21 13:28   46080              c:\windows\system32\tzchange.exe
                                                + 2006-03-25 00:00 . 2006-03-25 00:00   45056              c:\windows\system32\spool\prtprocs\w32x86\iQ17cEI7q.dll
                                                + 2005-05-24 00:00 . 2005-05-24 00:00   45056              c:\windows\system32\spool\prtprocs\w32x86\aAA17eI.dll
                                                + 2009-07-10 02:03 . 2009-07-10 02:03   68080              c:\windows\system32\pxinsa64.exe
                                                - 2009-07-10 03:03 . 2009-07-10 03:03   68080              c:\windows\system32\pxinsa64.exe
                                                + 2010-07-18 16:02 . 2009-04-28 20:20   72176              c:\windows\system32\pxhpinst.exe
                                                + 2009-07-10 02:03 . 2009-07-10 02:03   68080              c:\windows\system32\pxcpya64.exe
                                                - 2009-07-10 03:03 . 2009-07-10 03:03   68080              c:\windows\system32\pxcpya64.exe
                                                + 2010-03-31 04:16 . 2010-03-31 04:16   99176              c:\windows\system32\PresentationHostProxy.dll
                                                + 2004-08-04 12:00 . 2010-05-04 17:20   44544              c:\windows\system32\pngfilt.dll
                                                - 2004-08-04 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\pngfilt.dll
                                                - 2004-08-04 12:00 . 2010-03-14 12:53   78958              c:\windows\system32\perfc009.dat
                                                + 2004-08-04 12:00 . 2010-07-08 14:52   78958              c:\windows\system32\perfc009.dat
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   49488              c:\windows\system32\netfxperf.dll
                                                + 2009-11-06 02:17 . 2009-11-06 02:17   11600              c:\windows\system32\mui\0409\mscorees.dll
                                                - 2007-08-14 02:54 . 2010-03-11 12:38   52224              c:\windows\system32\msfeedsbs.dll
                                                + 2007-08-14 02:54 . 2010-05-04 17:20   52224              c:\windows\system32\msfeedsbs.dll
                                                + 2004-08-04 12:00 . 2010-05-04 17:20   27648              c:\windows\system32\jsproxy.dll
                                                - 2004-08-04 12:00 . 2010-03-11 12:38   27648              c:\windows\system32\jsproxy.dll
                                                + 2007-08-14 02:39 . 2010-05-04 12:39   13824              c:\windows\system32\ieudinit.exe
                                                - 2007-08-14 02:39 . 2010-03-10 13:18   13824              c:\windows\system32\ieudinit.exe
                                                - 2004-08-04 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\iernonce.dll
                                                + 2004-08-04 12:00 . 2010-05-04 17:20   44544              c:\windows\system32\iernonce.dll
                                                - 2004-08-04 12:00 . 2010-03-10 13:18   70656              c:\windows\system32\ie4uinit.exe
                                                + 2004-08-04 12:00 . 2010-05-04 12:39   70656              c:\windows\system32\ie4uinit.exe
                                                - 2007-08-14 02:36 . 2010-03-11 12:38   63488              c:\windows\system32\icardie.dll
                                                + 2007-08-14 02:36 . 2010-05-04 17:20   63488              c:\windows\system32\icardie.dll
                                                - 2009-07-10 03:03 . 2009-07-10 03:03   68080              c:\windows\system32\drvins64.exe
                                                + 2009-07-10 02:03 . 2009-07-10 02:03   68080              c:\windows\system32\drvins64.exe
                                                + 2009-07-09 07:00 . 2009-07-09 07:00   45200              c:\windows\system32\drivers\pxhelp20.sys
                                                - 2009-07-09 08:00 . 2009-07-09 08:00   45200              c:\windows\system32\drivers\pxhelp20.sys
                                                + 2007-08-14 02:36 . 2010-05-04 17:20   44544              c:\windows\system32\dllcache\pngfilt.dll
                                                - 2007-08-14 02:36 . 2010-03-11 12:38   44544              c:\windows\system32\dllcache\pngfilt.dll
                                                + 2009-01-28 15:29 . 2010-05-04 17:20   52224              c:\windows\system32\dllcache\msfeedsbs.dll
                                                - 2009-01-28 15:29 . 2010-03-11 12:38   52224              c:\windows\system32\dllcache\msfeedsbs.dll
                                                + 2007-08-14 02:54 . 2010-05-04 17:20   27648              c:\windows\system32\dllcache\jsproxy.dll
                                                - 2007-08-14 02:54 . 2010-03-11 12:38   27648              c:\windows\system32\dllcache\jsproxy.dll
                                                - 2009-01-28 15:29 . 2010-03-10 13:18   13824              c:\windows\system32\dllcache\ieudinit.exe
                                                + 2009-01-28 15:29 . 2010-05-04 12:39   13824              c:\windows\system32\dllcache\ieudinit.exe
                                                - 2007-08-14 02:39 . 2010-03-11 12:38   44544              c:\windows\system32\dllcache\iernonce.dll
                                                + 2007-08-14 02:39 . 2010-05-04 17:20   44544              c:\windows\system32\dllcache\iernonce.dll
                                                + 2007-08-14 02:45 . 2010-05-04 17:20   78336              c:\windows\system32\dllcache\ieencode.dll
                                                - 2007-08-14 02:45 . 2010-03-11 12:38   78336              c:\windows\system32\dllcache\ieencode.dll
                                                + 2007-08-14 02:39 . 2010-05-04 12:39   70656              c:\windows\system32\dllcache\ie4uinit.exe
                                                - 2007-08-14 02:39 . 2010-03-10 13:18   70656              c:\windows\system32\dllcache\ie4uinit.exe
                                                + 2009-01-28 15:29 . 2010-05-04 17:20   63488              c:\windows\system32\dllcache\icardie.dll
                                                - 2009-01-28 15:29 . 2010-03-11 12:38   63488              c:\windows\system32\dllcache\icardie.dll
                                                + 2007-08-14 02:42 . 2010-05-04 17:20   17408              c:\windows\system32\dllcache\corpol.dll
                                                - 2007-08-14 02:42 . 2010-03-11 12:38   17408              c:\windows\system32\dllcache\corpol.dll
                                                + 2010-03-05 14:37 . 2010-03-05 14:37   65536              c:\windows\system32\dllcache\asycfilt.dll
                                                - 2009-01-28 13:12 . 2009-03-24 23:16   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
                                                + 2009-01-28 13:12 . 2010-07-10 19:48   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
                                                - 2009-01-28 13:12 . 2009-03-24 23:16   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
                                                + 2010-05-07 15:17 . 2010-07-10 19:48   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
                                                + 2004-08-04 12:00 . 2010-03-05 14:37   65536              c:\windows\system32\asycfilt.dll
                                                - 2008-07-30 03:16 . 2008-07-30 03:16   32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
                                                + 2010-04-08 03:48 . 2010-04-08 03:48   32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
                                                + 2010-03-23 09:31 . 2010-03-23 09:31   30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
                                                + 2010-04-01 15:42 . 2010-04-01 15:42   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
                                                - 2008-05-28 04:49 . 2008-05-28 04:49   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
                                                + 2010-03-31 18:51 . 2010-03-31 18:51   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
                                                - 2008-05-28 04:49 . 2008-05-28 04:49   86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
                                                + 2010-03-31 18:51 . 2010-03-31 18:51   86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
                                                + 2010-03-31 18:51 . 2010-03-31 18:51   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
                                                - 2008-05-28 04:49 . 2008-05-28 04:49   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
                                                + 2010-03-31 19:32 . 2010-03-31 19:32   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
                                                - 2008-05-28 05:30 . 2008-05-28 05:30   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
                                                - 2003-02-21 03:19 . 2003-02-21 03:19   24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
                                                + 2010-03-31 19:32 . 2010-03-31 19:32   24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
                                                + 2009-11-07 05:07 . 2009-11-07 05:07   86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
                                                + 2010-06-16 19:40 . 2010-06-16 19:40   22016              c:\windows\Installer\a68879.msi
                                                + 2010-06-16 19:34 . 2010-06-16 19:34   22528              c:\windows\Installer\a6885b.msi
                                                + 2010-06-16 19:34 . 2010-06-16 19:34   27648              c:\windows\Installer\a68853.msi
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   49664              c:\windows\Installer\35251f9.msi
                                                + 2010-06-15 00:32 . 2010-06-15 00:32   21504              c:\windows\Installer\1712a6bf.msi
                                                + 2010-07-14 13:26 . 2010-07-14 13:26   40960              c:\windows\Installer\{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:31 . 2010-06-16 19:31   10134              c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:32 . 2010-06-16 19:32   10134              c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
                                                + 2010-06-16 20:25 . 2010-06-16 20:25   81920              c:\windows\Installer\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}\ARPPRODUCTICON.exe
                                                + 2010-05-08 16:34 . 2010-05-08 16:34   25214              c:\windows\Installer\{961034C0-58DF-11DF-97FD-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
                                                + 2010-05-08 16:34 . 2010-05-08 16:34   25214              c:\windows\Installer\{961034C0-58DF-11DF-97FD-005056806466}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:31 . 2010-06-16 19:31   10134              c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
                                                - 2009-01-28 18:22 . 2010-04-14 03:47   23040              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
                                                + 2009-01-28 18:22 . 2010-07-15 11:04   23040              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
                                                - 2009-01-28 18:22 . 2010-04-14 03:47   61440              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
                                                + 2009-01-28 18:22 . 2010-07-15 11:04   61440              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
                                                - 2009-01-28 18:22 . 2010-04-14 03:47   27136              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
                                                + 2009-01-28 18:22 . 2010-07-15 11:04   27136              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
                                                - 2009-01-28 18:22 . 2010-04-14 03:47   11264              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
                                                + 2009-01-28 18:22 . 2010-07-15 11:04   11264              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
                                                - 2009-01-28 18:22 . 2010-04-14 03:47   12288              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
                                                + 2009-01-28 18:22 . 2010-07-15 11:04   12288              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
                                                + 2010-06-10 12:21 . 2010-06-10 12:21   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                                                - 2010-04-14 03:51 . 2010-04-14 03:51   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                                                + 2010-05-04 17:26 . 2010-06-04 07:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
                                                + 2010-06-16 19:43 . 2010-06-16 19:43   81920              c:\windows\Installer\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:32 . 2010-06-16 19:32   10134              c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:33 . 2010-06-16 19:33   10134              c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:31 . 2010-06-16 19:31   10134              c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
                                                + 2010-06-16 19:32 . 2010-06-16 19:32   10134              c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
                                                + 2010-06-10 11:51 . 2010-03-11 12:38   44544              c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
                                                + 2010-06-10 11:51 . 2010-03-11 12:38   52224              c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
                                                + 2010-06-10 11:52 . 2010-03-11 12:38   27648              c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
                                                + 2010-06-10 11:52 . 2010-03-10 13:18   13824              c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
                                                + 2010-06-10 11:52 . 2010-03-11 12:38   44544              c:\windows\ie7updates\KB982381-IE7\iernonce.dll
                                                + 2010-06-10 11:52 . 2010-03-11 12:38   78336              c:\windows\ie7updates\KB982381-IE7\ieencode.dll
                                                + 2010-06-10 11:52 . 2010-03-10 13:18   70656              c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
                                                + 2010-06-10 11:52 . 2010-03-11 12:38   63488              c:\windows\ie7updates\KB982381-IE7\icardie.dll
                                                + 2010-06-10 11:52 . 2010-03-11 12:38   17408              c:\windows\ie7updates\KB982381-IE7\corpol.dll
                                                + 2010-06-10 12:23 . 2010-06-10 12:23   90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ee3c85bd\System.Drawing.Design.dll
                                                + 2010-06-10 12:23 . 2010-06-10 12:23   61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b31c6c1f\CustomMarshalers.dll
                                                + 2010-06-10 12:27 . 2010-06-10 12:27   47616              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\11b5c5344eb40eeb36a818d2824fe3a1\WindowsLiveWriter.ni.exe
                                                + 2010-06-10 12:29 . 2010-06-10 12:29   99840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c69cc7d4e4fca9aa892ddfacc64cddb2\WindowsLive.Writer.Api.ni.dll
                                                + 2010-06-24 07:11 . 2010-06-24 07:11   60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
                                                + 2010-06-24 07:13 . 2010-06-24 07:13   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
                                                + 2010-06-10 12:31 . 2010-06-10 12:31   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
                                                + 2010-06-10 12:31 . 2010-06-10 12:31   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
                                                + 2010-06-10 12:30 . 2010-06-10 12:30   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
                                                + 2010-06-10 12:12 . 2010-06-10 12:12   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
                                                + 2010-06-24 07:09 . 2010-06-24 07:09   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
                                                + 2010-06-10 12:10 . 2010-06-10 12:10   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
                                                + 2010-06-24 07:08 . 2010-06-24 07:08   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
                                                + 2010-06-10 12:31 . 2010-06-10 12:31   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
                                                + 2010-06-10 12:10 . 2010-06-10 12:10   32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
                                                - 2009-01-28 15:35 . 2009-01-28 15:35   32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
                                                - 2009-10-17 07:14 . 2009-10-17 07:14   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
                                                - 2009-10-17 07:14 . 2009-10-17 07:14   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
                                                + 2010-06-10 12:23 . 2010-06-10 12:23   81920              c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
                                                + 2010-05-26 07:00 . 2010-01-23 08:11   46080              c:\windows\$NtUninstallKB981793$\tzchange.exe
                                                + 2010-05-26 07:00 . 2010-04-22 22:21   16896              c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
                                                + 2010-06-10 12:12 . 2008-04-14 00:11   65024              c:\windows\$NtUninstallKB979482$\asycfilt.dll
                                                + 2010-06-10 11:52 . 2008-07-08 13:02   26488              c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
                                                + 2010-06-10 11:52 . 2008-07-08 13:02   17272              c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   52224              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   27648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
                                                + 2010-05-04 13:19 . 2010-05-04 13:19   13824              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   78336              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
                                                + 2010-05-04 13:19 . 2010-05-04 13:19   70656              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
                                                + 2010-05-04 17:20 . 2010-05-04 17:20   63488              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
                                                + 2010-05-04 17:19 . 2010-05-04 17:19   17408              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
                                                + 2010-06-10 12:28 . 2009-05-26 11:40   26488              c:\windows\$hf_mig$\KB980218\update\spcustom.dll
                                                + 2010-06-10 12:28 . 2009-05-26 11:40   17272              c:\windows\$hf_mig$\KB980218\spmsg.dll
                                                + 2010-06-10 12:23 . 2008-07-08 13:02   26488              c:\windows\$hf_mig$\KB980195\update\spcustom.dll
                                                + 2010-06-10 12:23 . 2008-07-08 13:02   17272              c:\windows\$hf_mig$\KB980195\spmsg.dll
                                                + 2010-06-10 12:19 . 2009-05-26 09:01   26488              c:\windows\$hf_mig$\KB979559\update\spcustom.dll
                                                + 2010-06-10 12:19 . 2009-05-26 09:01   17272              c:\windows\$hf_mig$\KB979559\spmsg.dll
                                                + 2010-06-10 12:12 . 2009-05-26 11:40   26488              c:\windows\$hf_mig$\KB979482\update\spcustom.dll
                                                + 2010-06-10 12:12 . 2009-05-26 11:40   17272              c:\windows\$hf_mig$\KB979482\spmsg.dll
                                                + 2010-03-05 14:52 . 2010-03-05 14:52   65536              c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
                                                + 2010-05-13 07:01 . 2009-05-26 11:40   26488              c:\windows\$hf_mig$\KB978542\update\spcustom.dll
                                                + 2010-05-13 07:01 . 2009-05-26 11:40   17272              c:\windows\$hf_mig$\KB978542\spmsg.dll
                                                + 2010-06-10 12:12 . 2008-07-08 13:02   26488              c:\windows\$hf_mig$\KB975562\update\spcustom.dll
                                                + 2010-06-10 12:12 . 2008-07-08 13:02   17272              c:\windows\$hf_mig$\KB975562\spmsg.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
                                                - 2009-06-23 08:00 . 2009-06-23 08:00   9200              c:\windows\system32\drivers\cdralw2k.sys
                                                + 2009-06-23 07:00 . 2009-06-23 07:00   9200              c:\windows\system32\drivers\cdralw2k.sys
                                                - 2009-06-23 08:00 . 2009-06-23 08:00   9072              c:\windows\system32\drivers\cdr4_xp.sys
                                                + 2009-06-23 07:00 . 2009-06-23 07:00   9072              c:\windows\system32\drivers\cdr4_xp.sys
                                                + 2010-07-14 13:26 . 2010-07-14 13:26   2238              c:\windows\Installer\{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}\Shortcut1_71F6DF7DB6394FADBA93E6DF267AA44D.exe
                                                + 2009-01-28 18:22 . 2010-07-15 11:04   4096              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
                                                - 2009-01-28 18:22 . 2010-04-14 03:47   4096              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
                                                - 2009-10-17 07:14 . 2009-10-17 07:14   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
                                                - 2009-10-17 07:13 . 2009-10-17 07:13   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
                                                + 2010-06-24 07:04 . 2010-06-24 07:04   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
                                                + 2009-06-26 23:07 . 2009-06-26 23:07   653120              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll
                                                + 2009-06-26 23:07 . 2009-06-26 23:07   569664              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll

                                                Sneakyone

                                                • Malware Removal Specialist


                                                • Beginner

                                                  Thanked: 5
                                                  Re: Malware infection
                                                  « Reply #23 on: July 22, 2010, 01:17:57 PM »
                                                  Hi, :)

                                                  Your log is cut off. Could you please post the full log?

                                                  ToniCarman

                                                    Topic Starter


                                                    Rookie

                                                    Re: Malware infection
                                                    « Reply #24 on: July 22, 2010, 02:02:40 PM »
                                                    Oh goodness...sorry!

                                                    Here you go.

                                                    ComboFix 10-07-21.02 - Toni 07/22/2010   2:11.4.2 - x86
                                                    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1181 [GMT -4:00]
                                                    Running from: c:\documents and settings\Toni\desktop\commy.exe
                                                    Command switches used :: /stepdel
                                                    AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
                                                    FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
                                                    .

                                                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                                    .

                                                    c:\documents and settings\Toni\Application Data\Sky-Banners
                                                    c:\documents and settings\Toni\Application Data\Street-Ads
                                                    c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}
                                                    c:\documents and settings\Toni\Start Menu\Programs\Antimalware Doctor
                                                    c:\windows\$NtUninstallMTF1011$
                                                    c:\windows\TEMP\logishrd\LVPrcInj01.dll
                                                    c:\documents and settings\Toni\Application Data\09f7619a.exe
                                                    c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\chrome.manifest
                                                    c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\chrome\content\_cfg.js
                                                    c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\chrome\content\overlay.xul
                                                    c:\documents and settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}\install.rdf
                                                    c:\documents and settings\Toni\Start Menu\Antimalware Doctor.lnk
                                                    c:\documents and settings\Toni\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
                                                    c:\documents and settings\Toni\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
                                                    c:\windows\$NtUninstallMTF1011$\apUninstall.exe
                                                    c:\windows\$NtUninstallMTF1011$\zrpt.xml
                                                    c:\windows\system32\ernel32.dll

                                                    .
                                                    (((((((((((((((((((((((((   Files Created from 2010-06-22 to 2010-07-22  )))))))))))))))))))))))))))))))
                                                    .

                                                    2010-07-21 13:54 . 2010-07-21 14:49   --------   d-----w-   C:\commy21098c
                                                    2010-07-21 11:25 . 2010-07-21 12:14   --------   d-----w-   C:\commy
                                                    2010-07-21 11:18 . 2010-07-21 11:18   --------   d-----w-   C:\_OTL
                                                    2010-07-20 10:57 . 2010-07-20 10:57   --------   d-----w-   c:\program files\CCleaner
                                                    2010-07-18 16:03 . 2010-07-18 16:03   --------   d-----w-   c:\program files\Uniblue
                                                    2010-07-18 16:03 . 2010-07-18 16:03   4057620   ----a-w-   c:\documents and settings\Toni\Application Data\OpenCandy\OpenCandy_DC2CFC93B76549EA900F7868E1DEF338\registrybooster1-Wrapped.exe
                                                    2010-07-18 16:03 . 2010-07-18 16:06   --------   d-----w-   c:\documents and settings\Toni\Local Settings\Application Data\OpenCandy
                                                    2010-07-18 16:03 . 2010-07-18 16:03   331304   ----a-w-   c:\documents and settings\Toni\Application Data\OpenCandy\OpenCandy_DC2CFC93B76549EA900F7868E1DEF338\DLMgr_3_1.6.44.exe
                                                    2010-07-18 16:03 . 2010-07-18 16:03   --------   d-----w-   c:\documents and settings\Toni\Application Data\OpenCandy
                                                    2010-07-18 16:03 . 2010-07-18 16:03   --------   d-----w-   c:\program files\Winamp Detect
                                                    2010-07-18 16:01 . 2010-07-18 16:51   --------   d-----w-   c:\documents and settings\Toni\Application Data\Winamp
                                                    2010-07-18 16:01 . 2010-07-18 16:03   --------   d-----w-   c:\program files\Winamp
                                                    2010-07-17 15:37 . 2010-07-21 16:00   --------   d-----w-   c:\documents and settings\Toni\Local Settings\Application Data\AskToolbar
                                                    2010-07-15 16:36 . 2010-07-15 16:36   2944904   ----a-w-   c:\documents and settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\[email protected]\chrome\temp\askToolbar.exe
                                                    2010-07-14 13:39 . 2010-07-14 13:39   --------   d-----w-   c:\documents and settings\Toni\Application Data\Avery
                                                    2010-07-14 13:24 . 2010-07-14 13:24   --------   d-----w-   c:\program files\Avery Dennison
                                                    2010-07-14 13:24 . 2010-07-14 13:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avery
                                                    2010-07-14 13:10 . 2010-07-17 14:02   --------   d-----w-   c:\program files\Ask.com
                                                    2010-07-14 13:05 . 2010-07-14 13:07   89582136   ----a-w-   c:\program files\DesignPro5_5_Limited.exe
                                                    2010-07-14 09:10 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
                                                    2010-07-12 15:35 . 2010-07-12 15:35   2272   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                                                    2010-07-10 14:39 . 2010-07-10 14:39   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes

                                                    .
                                                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                    .
                                                    2010-07-22 06:17 . 2009-02-17 19:40   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
                                                    2010-07-22 06:17 . 2009-02-17 19:38   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k7
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k6
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k5
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k4
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k3
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k2
                                                    2010-07-22 06:16 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k1
                                                    2010-07-22 06:16 . 2009-01-28 19:20   227220   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k0
                                                    2010-07-22 05:55 . 2010-04-09 13:47   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
                                                    2010-07-20 19:53 . 2010-03-10 14:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                                    2010-07-18 00:58 . 2009-08-13 23:13   --------   d-----w-   c:\documents and settings\Toni\Application Data\Vso
                                                    2010-07-16 20:20 . 2010-03-22 17:58   --------   d-----w-   c:\program files\uTorrent
                                                    2010-07-15 15:39 . 2009-01-30 16:19   395984   ----a-w-   c:\documents and settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                                                    2010-07-14 13:33 . 2009-01-28 14:38   --------   d--h--w-   c:\program files\InstallShield Installation Information
                                                    2010-07-10 23:55 . 2010-02-11 12:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Roxio
                                                    2010-06-25 18:51 . 2009-02-04 05:06   --------   d-----w-   c:\documents and settings\Toni\Application Data\ZoomBrowser EX
                                                    2010-06-25 18:50 . 2009-01-31 18:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
                                                    2010-06-19 16:23 . 2009-02-03 02:26   --------   d-----w-   c:\documents and settings\Toni\Application Data\AdobeUM
                                                    2010-06-17 15:46 . 2010-06-16 20:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
                                                    2010-06-16 20:25 . 2009-01-30 07:02   --------   d-----w-   c:\program files\Common Files\Adobe
                                                    2010-06-16 19:40 . 2010-06-16 19:40   --------   d-----w-   c:\program files\Adobe Media Player
                                                    2010-06-16 19:39 . 2010-06-16 19:39   10134   ----a-r-   c:\documents and settings\Toni\Application Data\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
                                                    2010-06-16 19:39 . 2010-06-16 19:39   --------   d-----w-   c:\program files\My Company Name
                                                    2010-06-16 19:34 . 2010-06-16 19:34   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                                                    2010-06-16 16:18 . 2009-02-26 02:14   --------   d-----w-   c:\documents and settings\Toni\Application Data\Move Networks
                                                    2010-06-14 19:58 . 2010-06-14 19:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\vsosdk
                                                    2010-06-14 14:31 . 2009-01-28 13:06   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
                                                    2010-06-13 18:14 . 2010-06-13 18:06   --------   d-----w-   c:\program files\PeerGuardian2
                                                    2010-06-07 00:19 . 2010-05-04 17:20   --------   d-----w-   c:\program files\Microsoft Silverlight
                                                    2010-06-03 16:35 . 2009-07-09 01:42   1561896   ----a-w-   c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
                                                    2010-06-03 16:35 . 2009-01-28 18:24   746216   ----a-w-   c:\windows\system32\drivers\vetefile.sys
                                                    2010-06-03 16:35 . 2009-01-28 18:24   130280   ----a-w-   c:\windows\system32\drivers\veteboot.sys
                                                    2010-05-28 18:57 . 2009-01-28 18:24   91472   ----a-w-   c:\windows\system32\isafprod.dll
                                                    2010-05-04 17:20 . 2004-08-04 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                                                    2010-05-04 17:20 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                                    2010-05-04 17:20 . 2004-08-04 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                                                    2010-05-02 05:22 . 2004-08-04 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
                                                    2010-04-29 19:39 . 2010-03-10 14:04   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                                    2010-04-29 19:39 . 2010-03-10 14:04   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                                    2010-02-02 17:02 . 2010-02-02 17:02   1438976   ----a-w-   c:\program files\MoveMediaPlayerWin_071505000011.exe
                                                    2010-02-01 01:43 . 2010-02-01 01:43   2107456   ----a-w-   c:\program files\Install_Facebook_Plug-In_1.0.1.exe
                                                    2010-01-31 12:26 . 2010-01-31 12:26   1533702   ----a-w-   c:\program files\gburner27.exe
                                                    2009-08-13 23:06 . 2009-08-13 23:05   7741336   ----a-w-   c:\program files\DivX521XP2K_1.exe
                                                    2009-08-13 22:54 . 2009-08-13 22:53   4526458   ----a-w-   c:\program files\WinAVI_Video_Converter.exe
                                                    2009-06-16 21:38 . 2009-06-16 21:38   2144584   ----a-w-   c:\program files\InstallFirefoxPluginV3.exe
                                                    2009-06-12 22:34 . 2009-06-12 22:30   24527365   ----a-w-   c:\program files\FreeVideoConverter.exe
                                                    2009-03-05 21:24 . 2009-03-05 21:24   4909440   ----a-w-   c:\program files\Silverlight.2.0.exe
                                                    .

                                                    (((((((((((((((((((((((((((((   SnapShot@2010-04-15_11.57.58   )))))))))))))))))))))))))))))))))))))))))
                                                    .
                                                    + 2009-06-26 23:10 . 2009-06-26 23:10   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90u.dll
                                                    + 2009-06-26 23:10 . 2009-06-26 23:10   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
                                                    + 2009-07-12 00:32 . 2009-07-12 00:32   40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
                                                    + 2009-07-12 05:07 . 2009-07-12 05:07   57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
                                                    + 2009-07-12 05:19 . 2009-07-12 05:19   69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
                                                    + 2009-07-11 23:41 . 2009-07-11 23:41   97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
                                                    + 2010-07-22 06:17 . 2010-07-22 06:17   16384              c:\windows\temp\Perflib_Perfdata_4e8.dat
                                                    - 2008-04-14 00:12 . 2010-01-23 08:11   46080              c:\windows\system32\tzchange.exe
                                                    + 2008-04-14 00:12 . 2010-04-21 13:28   46080              c:\windows\system32\tzchange.exe
                                                    + 2006-03-25 00:00 . 2006-03-25 00:00   45056              c:\windows\system32\spool\prtprocs\w32x86\iQ17cEI7q.dll
                                                    + 2005-05-24 00:00 . 2005-05-24 00:00   45056              c:\windows\system32\spool\prtprocs\w32x86\aAA17eI.dll
                                                    + 2009-07-10 02:03 . 2009-07-10 02:03   68080              c:\windows\system32\pxinsa64.exe
                                                    - 2009-07-10 03:03 . 2009-07-10 03:03   68080              c:\windows\system32\pxinsa64.exe
                                                    + 2010-07-18 16:02 . 2009-04-28 20:20   72176              c:\windows\system32\pxhpinst.exe
                                                    + 2009-07-10 02:03 . 2009-07-10 02:03   68080              c:\windows\system32\pxcpya64.exe
                                                    - 2009-07-10 03:03 . 2009-07-10 03:03   68080              c:\windows\system32\pxcpya64.exe
                                                    + 2010-03-31 04:16 . 2010-03-31 04:16   99176              c:\windows\system32\PresentationHostProxy.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   44544              c:\windows\system32\pngfilt.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\pngfilt.dll
                                                    - 2004-08-04 12:00 . 2010-03-14 12:53   78958              c:\windows\system32\perfc009.dat
                                                    + 2004-08-04 12:00 . 2010-07-08 14:52   78958              c:\windows\system32\perfc009.dat
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   49488              c:\windows\system32\netfxperf.dll
                                                    + 2009-11-06 02:17 . 2009-11-06 02:17   11600              c:\windows\system32\mui\0409\mscorees.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   52224              c:\windows\system32\msfeedsbs.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   52224              c:\windows\system32\msfeedsbs.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   27648              c:\windows\system32\jsproxy.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   27648              c:\windows\system32\jsproxy.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 12:39   13824              c:\windows\system32\ieudinit.exe
                                                    - 2007-08-14 02:39 . 2010-03-10 13:18   13824              c:\windows\system32\ieudinit.exe
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\iernonce.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   44544              c:\windows\system32\iernonce.dll
                                                    - 2004-08-04 12:00 . 2010-03-10 13:18   70656              c:\windows\system32\ie4uinit.exe
                                                    + 2004-08-04 12:00 . 2010-05-04 12:39   70656              c:\windows\system32\ie4uinit.exe
                                                    - 2007-08-14 02:36 . 2010-03-11 12:38   63488              c:\windows\system32\icardie.dll
                                                    + 2007-08-14 02:36 . 2010-05-04 17:20   63488              c:\windows\system32\icardie.dll
                                                    - 2009-07-10 03:03 . 2009-07-10 03:03   68080              c:\windows\system32\drvins64.exe
                                                    + 2009-07-10 02:03 . 2009-07-10 02:03   68080              c:\windows\system32\drvins64.exe
                                                    + 2009-07-09 07:00 . 2009-07-09 07:00   45200              c:\windows\system32\drivers\pxhelp20.sys
                                                    - 2009-07-09 08:00 . 2009-07-09 08:00   45200              c:\windows\system32\drivers\pxhelp20.sys
                                                    + 2007-08-14 02:36 . 2010-05-04 17:20   44544              c:\windows\system32\dllcache\pngfilt.dll
                                                    - 2007-08-14 02:36 . 2010-03-11 12:38   44544              c:\windows\system32\dllcache\pngfilt.dll
                                                    + 2009-01-28 15:29 . 2010-05-04 17:20   52224              c:\windows\system32\dllcache\msfeedsbs.dll
                                                    - 2009-01-28 15:29 . 2010-03-11 12:38   52224              c:\windows\system32\dllcache\msfeedsbs.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   27648              c:\windows\system32\dllcache\jsproxy.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   27648              c:\windows\system32\dllcache\jsproxy.dll
                                                    - 2009-01-28 15:29 . 2010-03-10 13:18   13824              c:\windows\system32\dllcache\ieudinit.exe
                                                    + 2009-01-28 15:29 . 2010-05-04 12:39   13824              c:\windows\system32\dllcache\ieudinit.exe
                                                    - 2007-08-14 02:39 . 2010-03-11 12:38   44544              c:\windows\system32\dllcache\iernonce.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 17:20   44544              c:\windows\system32\dllcache\iernonce.dll
                                                    + 2007-08-14 02:45 . 2010-05-04 17:20   78336              c:\windows\system32\dllcache\ieencode.dll
                                                    - 2007-08-14 02:45 . 2010-03-11 12:38   78336              c:\windows\system32\dllcache\ieencode.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 12:39   70656              c:\windows\system32\dllcache\ie4uinit.exe
                                                    - 2007-08-14 02:39 . 2010-03-10 13:18   70656              c:\windows\system32\dllcache\ie4uinit.exe
                                                    + 2009-01-28 15:29 . 2010-05-04 17:20   63488              c:\windows\system32\dllcache\icardie.dll
                                                    - 2009-01-28 15:29 . 2010-03-11 12:38   63488              c:\windows\system32\dllcache\icardie.dll
                                                    + 2007-08-14 02:42 . 2010-05-04 17:20   17408              c:\windows\system32\dllcache\corpol.dll
                                                    - 2007-08-14 02:42 . 2010-03-11 12:38   17408              c:\windows\system32\dllcache\corpol.dll
                                                    + 2010-03-05 14:37 . 2010-03-05 14:37   65536              c:\windows\system32\dllcache\asycfilt.dll
                                                    - 2009-01-28 13:12 . 2009-03-24 23:16   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
                                                    + 2009-01-28 13:12 . 2010-07-10 19:48   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
                                                    - 2009-01-28 13:12 . 2009-03-24 23:16   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
                                                    + 2010-05-07 15:17 . 2010-07-10 19:48   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
                                                    + 2004-08-04 12:00 . 2010-03-05 14:37   65536              c:\windows\system32\asycfilt.dll
                                                    - 2008-07-30 03:16 . 2008-07-30 03:16   32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
                                                    + 2010-04-08 03:48 . 2010-04-08 03:48   32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
                                                    + 2010-03-23 09:31 . 2010-03-23 09:31   30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
                                                    + 2010-04-01 15:42 . 2010-04-01 15:42   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
                                                    - 2008-05-28 04:49 . 2008-05-28 04:49   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
                                                    + 2010-03-31 18:51 . 2010-03-31 18:51   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
                                                    - 2008-05-28 04:49 . 2008-05-28 04:49   86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
                                                    + 2010-03-31 18:51 . 2010-03-31 18:51   86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
                                                    + 2010-03-31 18:51 . 2010-03-31 18:51   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
                                                    - 2008-05-28 04:49 . 2008-05-28 04:49   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
                                                    + 2010-03-31 19:32 . 2010-03-31 19:32   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
                                                    - 2008-05-28 05:30 . 2008-05-28 05:30   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
                                                    - 2003-02-21 03:19 . 2003-02-21 03:19   24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
                                                    + 2010-03-31 19:32 . 2010-03-31 19:32   24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
                                                    + 2010-06-16 19:40 . 2010-06-16 19:40   22016              c:\windows\Installer\a68879.msi
                                                    + 2010-06-16 19:34 . 2010-06-16 19:34   22528              c:\windows\Installer\a6885b.msi
                                                    + 2010-06-16 19:34 . 2010-06-16 19:34   27648              c:\windows\Installer\a68853.msi
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   49664              c:\windows\Installer\35251f9.msi
                                                    + 2010-06-15 00:32 . 2010-06-15 00:32   21504              c:\windows\Installer\1712a6bf.msi
                                                    + 2010-07-14 13:26 . 2010-07-14 13:26   40960              c:\windows\Installer\{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:31 . 2010-06-16 19:31   10134              c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:32 . 2010-06-16 19:32   10134              c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 20:25 . 2010-06-16 20:25   81920              c:\windows\Installer\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}\ARPPRODUCTICON.exe
                                                    + 2010-05-08 16:34 . 2010-05-08 16:34   25214              c:\windows\Installer\{961034C0-58DF-11DF-97FD-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
                                                    + 2010-05-08 16:34 . 2010-05-08 16:34   25214              c:\windows\Installer\{961034C0-58DF-11DF-97FD-005056806466}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:31 . 2010-06-16 19:31   10134              c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
                                                    - 2009-01-28 18:22 . 2010-04-14 03:47   23040              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
                                                    + 2009-01-28 18:22 . 2010-07-15 11:04   23040              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
                                                    - 2009-01-28 18:22 . 2010-04-14 03:47   61440              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
                                                    + 2009-01-28 18:22 . 2010-07-15 11:04   61440              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
                                                    - 2009-01-28 18:22 . 2010-04-14 03:47   27136              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
                                                    + 2009-01-28 18:22 . 2010-07-15 11:04   27136              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
                                                    - 2009-01-28 18:22 . 2010-04-14 03:47   11264              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
                                                    + 2009-01-28 18:22 . 2010-07-15 11:04   11264              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
                                                    - 2009-01-28 18:22 . 2010-04-14 03:47   12288              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
                                                    + 2009-01-28 18:22 . 2010-07-15 11:04   12288              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
                                                    + 2010-06-10 12:21 . 2010-06-10 12:21   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                                                    - 2010-04-14 03:51 . 2010-04-14 03:51   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                                                    + 2010-05-04 17:26 . 2010-06-04 07:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
                                                    + 2010-06-16 19:43 . 2010-06-16 19:43   81920              c:\windows\Installer\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:32 . 2010-06-16 19:32   10134              c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:33 . 2010-06-16 19:33   10134              c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:31 . 2010-06-16 19:31   10134              c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
                                                    + 2010-06-16 19:32 . 2010-06-16 19:32   10134              c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
                                                    + 2010-06-10 11:51 . 2010-03-11 12:38   44544              c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
                                                    + 2010-06-10 11:51 . 2010-03-11 12:38   52224              c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
                                                    + 2010-06-10 11:52 . 2010-03-11 12:38   27648              c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
                                                    + 2010-06-10 11:52 . 2010-03-10 13:18   13824              c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
                                                    + 2010-06-10 11:52 . 2010-03-11 12:38   44544              c:\windows\ie7updates\KB982381-IE7\iernonce.dll
                                                    + 2010-06-10 11:52 . 2010-03-11 12:38   78336              c:\windows\ie7updates\KB982381-IE7\ieencode.dll
                                                    + 2010-06-10 11:52 . 2010-03-10 13:18   70656              c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
                                                    + 2010-06-10 11:52 . 2010-03-11 12:38   63488              c:\windows\ie7updates\KB982381-IE7\icardie.dll
                                                    + 2010-06-10 11:52 . 2010-03-11 12:38   17408              c:\windows\ie7updates\KB982381-IE7\corpol.dll
                                                    + 2010-06-10 12:23 . 2010-06-10 12:23   90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ee3c85bd\System.Drawing.Design.dll
                                                    + 2010-06-10 12:23 . 2010-06-10 12:23   61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b31c6c1f\CustomMarshalers.dll
                                                    + 2010-06-10 12:27 . 2010-06-10 12:27   47616              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\11b5c5344eb40eeb36a818d2824fe3a1\WindowsLiveWriter.ni.exe
                                                    + 2010-06-10 12:29 . 2010-06-10 12:29   99840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c69cc7d4e4fca9aa892ddfacc64cddb2\WindowsLive.Writer.Api.ni.dll
                                                    + 2010-06-24 07:11 . 2010-06-24 07:11   60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
                                                    + 2010-06-24 07:13 . 2010-06-24 07:13   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
                                                    + 2010-06-10 12:31 . 2010-06-10 12:31   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
                                                    + 2010-06-10 12:31 . 2010-06-10 12:31   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
                                                    + 2010-06-10 12:30 . 2010-06-10 12:30   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
                                                    + 2010-06-10 12:12 . 2010-06-10 12:12   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
                                                    + 2010-06-24 07:09 . 2010-06-24 07:09   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
                                                    + 2010-06-10 12:10 . 2010-06-10 12:10   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
                                                    + 2010-06-24 07:08 . 2010-06-24 07:08   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
                                                    + 2010-06-10 12:31 . 2010-06-10 12:31   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
                                                    + 2010-06-10 12:10 . 2010-06-10 12:10   32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
                                                    - 2009-01-28 15:35 . 2009-01-28 15:35   32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
                                                    - 2009-10-17 07:14 . 2009-10-17 07:14   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
                                                    - 2009-10-17 07:14 . 2009-10-17 07:14   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
                                                    + 2010-06-10 12:23 . 2010-06-10 12:23   81920              c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
                                                    + 2010-05-26 07:00 . 2010-01-23 08:11   46080              c:\windows\$NtUninstallKB981793$\tzchange.exe
                                                    + 2010-05-26 07:00 . 2010-04-22 22:21   16896              c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
                                                    + 2010-06-10 12:12 . 2008-04-14 00:11   65024              c:\windows\$NtUninstallKB979482$\asycfilt.dll
                                                    + 2010-06-10 11:52 . 2008-07-08 13:02   26488              c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
                                                    + 2010-06-10 11:52 . 2008-07-08 13:02   17272              c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   52224              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   27648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
                                                    + 2010-05-04 13:19 . 2010-05-04 13:19   13824              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   78336              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
                                                    + 2010-05-04 13:19 . 2010-05-04 13:19   70656              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
                                                    + 2010-05-04 17:20 . 2010-05-04 17:20   63488              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
                                                    + 2010-05-04 17:19 . 2010-05-04 17:19   17408              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
                                                    + 2010-06-10 12:28 . 2009-05-26 11:40   26488              c:\windows\$hf_mig$\KB980218\update\spcustom.dll
                                                    + 2010-06-10 12:28 . 2009-05-26 11:40   17272              c:\windows\$hf_mig$\KB980218\spmsg.dll
                                                    + 2010-06-10 12:23 . 2008-07-08 13:02   26488              c:\windows\$hf_mig$\KB980195\update\spcustom.dll
                                                    + 2010-06-10 12:23 . 2008-07-08 13:02   17272              c:\windows\$hf_mig$\KB980195\spmsg.dll
                                                    + 2010-06-10 12:19 . 2009-05-26 09:01   26488              c:\windows\$hf_mig$\KB979559\update\spcustom.dll
                                                    + 2010-06-10 12:19 . 2009-05-26 09:01   17272              c:\windows\$hf_mig$\KB979559\spmsg.dll
                                                    + 2010-06-10 12:12 . 2009-05-26 11:40   26488              c:\windows\$hf_mig$\KB979482\update\spcustom.dll
                                                    + 2010-06-10 12:12 . 2009-05-26 11:40   17272              c:\windows\$hf_mig$\KB979482\spmsg.dll
                                                    + 2010-03-05 14:52 . 2010-03-05 14:52   65536              c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
                                                    + 2010-05-13 07:01 . 2009-05-26 11:40   26488              c:\windows\$hf_mig$\KB978542\update\spcustom.dll
                                                    + 2010-05-13 07:01 . 2009-05-26 11:40   17272              c:\windows\$hf_mig$\KB978542\spmsg.dll
                                                    + 2010-06-10 12:12 . 2008-07-08 13:02   26488              c:\windows\$hf_mig$\KB975562\update\spcustom.dll
                                                    + 2010-06-10 12:12 . 2008-07-08 13:02   17272              c:\windows\$hf_mig$\KB975562\spmsg.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
                                                    - 2009-06-23 08:00 . 2009-06-23 08:00   9200              c:\windows\system32\drivers\cdralw2k.sys
                                                    + 2009-06-23 07:00 . 2009-06-23 07:00   9200              c:\windows\system32\drivers\cdralw2k.sys
                                                    - 2009-06-23 08:00 . 2009-06-23 08:00   9072              c:\windows\system32\drivers\cdr4_xp.sys
                                                    + 2009-06-23 07:00 . 2009-06-23 07:00   9072              c:\windows\system32\drivers\cdr4_xp.sys
                                                    + 2010-07-14 13:26 . 2010-07-14 13:26   2238              c:\windows\Installer\{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}\Shortcut1_71F6DF7DB6394FADBA93E6DF267AA44D.exe
                                                    + 2009-01-28 18:22 . 2010-07-15 11:04   4096              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
                                                    - 2009-01-28 18:22 . 2010-04-14 03:47   4096              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
                                                    - 2009-10-17 07:14 . 2009-10-17 07:14   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
                                                    - 2009-10-17 07:13 . 2009-10-17 07:13   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
                                                    + 2010-06-24 07:04 . 2010-06-24 07:04   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
                                                    + 2009-06-26 23:07 . 2009-06-26 23:07   653120              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll
                                                    + 2009-06-26 23:07 . 2009-06-26 23:07   569664              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll
                                                    + 2009-06-26 23:10 . 2009-06-26 23:10   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcm90.dll
                                                    + 2009-06-26 23:07 . 2009-06-26 23:07   159032              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_35349982\atl90.dll
                                                    + 2009-07-12 05:12 . 2009-07-12 05:12   632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
                                                    + 2009-07-12 05:09 . 2009-07-12 05:09   554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
                                                    + 2009-07-12 05:08 . 2009-07-12 05:08   479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   233472              c:\windows\system32\webcheck.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   233472              c:\windows\system32\webcheck.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   105984              c:\windows\system32\url.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   105984              c:\windows\system32\url.dll
                                                    + 2009-07-10 02:03 . 2009-07-10 02:03   125424              c:\windows\system32\pxinsi64.exe
                                                    - 2009-07-10 03:03 . 2009-07-10 03:03   125424              c:\windows\system32\pxinsi64.exe
                                                    - 2009-07-10 03:03 . 2009-07-10 03:03   123888              c:\windows\system32\pxcpyi64.exe
                                                    + 2009-07-10 02:03 . 2009-07-10 02:03   123888              c:\windows\system32\pxcpyi64.exe
                                                    + 2010-03-31 04:10 . 2010-03-31 04:10   295264              c:\windows\system32\PresentationHost.exe
                                                    - 2004-08-04 12:00 . 2010-03-14 12:53   465072              c:\windows\system32\perfh009.dat
                                                    + 2004-08-04 12:00 . 2010-07-08 14:52   465072              c:\windows\system32\perfh009.dat
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   102912              c:\windows\system32\occache.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   102912              c:\windows\system32\occache.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   671232              c:\windows\system32\mstime.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   671232              c:\windows\system32\mstime.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   193024              c:\windows\system32\msrating.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   193024              c:\windows\system32\msrating.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   477696              c:\windows\system32\mshtmled.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   477696              c:\windows\system32\mshtmled.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   459264              c:\windows\system32\msfeeds.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   459264              c:\windows\system32\msfeeds.dll
                                                    + 2009-11-07 05:07 . 2009-11-07 05:07   297808              c:\windows\system32\mscoree.dll
                                                    + 2010-06-16 20:25 . 2010-06-16 20:25   223184              c:\windows\system32\Macromed\Flash\FlashUtil10g_Plugin.exe
                                                    + 2010-06-16 19:43 . 2010-06-16 19:43   223184              c:\windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.exe
                                                    + 2010-06-16 19:43 . 2010-06-16 19:43   268240              c:\windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.dll
                                                    + 2009-01-28 13:06 . 2010-01-29 15:01   691712              c:\windows\system32\inetcomm.dll
                                                    - 2009-01-28 13:06 . 2008-04-11 19:04   691712              c:\windows\system32\inetcomm.dll
                                                    - 2007-08-14 02:34 . 2010-03-11 12:38   268288              c:\windows\system32\iertutil.dll
                                                    + 2007-08-14 02:34 . 2010-05-04 17:20   268288              c:\windows\system32\iertutil.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   192512              c:\windows\system32\iepeers.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   192512              c:\windows\system32\iepeers.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   385024              c:\windows\system32\iedkcs32.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   385024              c:\windows\system32\iedkcs32.dll
                                                    - 2007-07-11 20:27 . 2010-03-11 12:38   380928              c:\windows\system32\ieapfltr.dll
                                                    + 2007-07-11 20:27 . 2010-05-04 17:20   380928              c:\windows\system32\ieapfltr.dll
                                                    + 2004-08-04 12:00 . 2010-04-16 11:43   161792              c:\windows\system32\ieakui.dll
                                                    - 2004-08-04 12:00 . 2010-02-23 05:18   161792              c:\windows\system32\ieakui.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   230400              c:\windows\system32\ieaksie.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   230400              c:\windows\system32\ieaksie.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   153088              c:\windows\system32\ieakeng.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   153088              c:\windows\system32\ieakeng.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   133120              c:\windows\system32\extmgr.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   133120              c:\windows\system32\extmgr.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   214528              c:\windows\system32\dxtrans.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   214528              c:\windows\system32\dxtrans.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   347136              c:\windows\system32\dxtmsft.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   347136              c:\windows\system32\dxtmsft.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   832512              c:\windows\system32\dllcache\wininet.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   832512              c:\windows\system32\dllcache\wininet.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   233472              c:\windows\system32\dllcache\webcheck.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   233472              c:\windows\system32\dllcache\webcheck.dll
                                                    - 2007-08-14 02:44 . 2010-03-11 12:38   105984              c:\windows\system32\dllcache\url.dll
                                                    + 2007-08-14 02:44 . 2010-05-04 17:20   105984              c:\windows\system32\dllcache\url.dll
                                                    + 2007-08-14 02:44 . 2010-05-04 17:20   102912              c:\windows\system32\dllcache\occache.dll
                                                    - 2007-08-14 02:44 . 2010-03-11 12:38   102912              c:\windows\system32\dllcache\occache.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   671232              c:\windows\system32\dllcache\mstime.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   671232              c:\windows\system32\dllcache\mstime.dll
                                                    - 2007-08-14 02:44 . 2010-03-11 12:38   193024              c:\windows\system32\dllcache\msrating.dll
                                                    + 2007-08-14 02:44 . 2010-05-04 17:20   193024              c:\windows\system32\dllcache\msrating.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   477696              c:\windows\system32\dllcache\mshtmled.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   477696              c:\windows\system32\dllcache\mshtmled.dll
                                                    + 2009-01-28 15:29 . 2010-05-04 17:20   459264              c:\windows\system32\dllcache\msfeeds.dll
                                                    - 2009-01-28 15:29 . 2010-03-11 12:38   459264              c:\windows\system32\dllcache\msfeeds.dll
                                                    + 2009-01-28 14:49 . 2010-01-29 15:01   691712              c:\windows\system32\dllcache\inetcomm.dll
                                                    - 2009-01-28 14:49 . 2008-04-11 19:04   691712              c:\windows\system32\dllcache\inetcomm.dll
                                                    + 2007-08-14 02:43 . 2010-04-16 11:43   634656              c:\windows\system32\dllcache\iexplore.exe
                                                    + 2009-01-28 15:29 . 2010-05-04 17:20   268288              c:\windows\system32\dllcache\iertutil.dll
                                                    - 2009-01-28 15:29 . 2010-03-11 12:38   268288              c:\windows\system32\dllcache\iertutil.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   192512              c:\windows\system32\dllcache\iepeers.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   192512              c:\windows\system32\dllcache\iepeers.dll
                                                    - 2007-08-14 02:39 . 2010-03-11 12:38   385024              c:\windows\system32\dllcache\iedkcs32.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 17:20   385024              c:\windows\system32\dllcache\iedkcs32.dll
                                                    - 2009-01-28 15:29 . 2010-03-11 12:38   380928              c:\windows\system32\dllcache\ieapfltr.dll
                                                    + 2009-01-28 15:29 . 2010-05-04 17:20   380928              c:\windows\system32\dllcache\ieapfltr.dll
                                                    + 2004-08-04 12:00 . 2010-04-16 11:43   161792              c:\windows\system32\dllcache\ieakui.dll
                                                    - 2004-08-04 12:00 . 2010-02-23 05:18   161792              c:\windows\system32\dllcache\ieakui.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 17:20   230400              c:\windows\system32\dllcache\ieaksie.dll
                                                    - 2007-08-14 02:39 . 2010-03-11 12:38   230400              c:\windows\system32\dllcache\ieaksie.dll
                                                    - 2007-08-14 02:39 . 2010-03-11 12:38   153088              c:\windows\system32\dllcache\ieakeng.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 17:20   153088              c:\windows\system32\dllcache\ieakeng.dll
                                                    + 2007-08-14 02:54 . 2010-05-04 17:20   133120              c:\windows\system32\dllcache\extmgr.dll
                                                    - 2007-08-14 02:54 . 2010-03-11 12:38   133120              c:\windows\system32\dllcache\extmgr.dll
                                                    + 2007-08-14 02:35 . 2010-05-04 17:20   214528              c:\windows\system32\dllcache\dxtrans.dll
                                                    - 2007-08-14 02:35 . 2010-03-11 12:38   214528              c:\windows\system32\dllcache\dxtrans.dll
                                                    + 2007-08-14 02:35 . 2010-05-04 17:20   347136              c:\windows\system32\dllcache\dxtmsft.dll
                                                    - 2007-08-14 02:35 . 2010-03-11 12:38   347136              c:\windows\system32\dllcache\dxtmsft.dll
                                                    + 2010-04-20 05:30 . 2010-04-20 05:30   285696              c:\windows\system32\dllcache\atmfd.dll
                                                    + 2009-01-28 14:40 . 2008-04-13 16:39   142592              c:\windows\system32\dllcache\aec.sys
                                                    - 2007-08-14 02:39 . 2010-03-11 12:38   124928              c:\windows\system32\dllcache\advpack.dll
                                                    + 2007-08-14 02:39 . 2010-05-04 17:20   124928              c:\windows\system32\dllcache\advpack.dll
                                                    - 2004-08-04 12:00 . 2008-04-14 00:09   285696              c:\windows\system32\atmfd.dll
                                                    + 2004-08-04 12:00 . 2010-04-20 05:30   285696              c:\windows\system32\atmfd.dll
                                                    + 2004-08-04 12:00 . 2010-05-04 17:20   124928              c:\windows\system32\advpack.dll
                                                    - 2004-08-04 12:00 . 2010-03-11 12:38   124928              c:\windows\system32\advpack.dll
                                                    + 2010-03-31 04:16 . 2010-03-31 04:16   130408              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
                                                    + 2010-04-08 03:48 . 2010-04-08 03:48   970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
                                                    - 2008-07-30 03:16 . 2008-07-30 03:16   110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
                                                    + 2010-04-08 03:48 . 2010-04-08 03:48   110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
                                                    + 2010-03-23 09:31 . 2010-03-23 09:31   435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
                                                    + 2010-02-09 16:22 . 2010-02-09 16:22   258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
                                                    - 2008-07-25 19:17 . 2008-07-25 19:17   258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
                                                    - 2008-05-28 04:49 . 2008-05-28 04:49   102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
                                                    + 2010-03-31 18:51 . 2010-03-31 18:51   102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
                                                    - 2008-05-28 04:48 . 2008-05-28 04:48   315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
                                                    + 2010-03-31 18:49 . 2010-03-31 18:49   315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
                                                    + 2010-03-31 19:32 . 2010-03-31 19:32   258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
                                                    - 2008-05-28 05:30 . 2008-05-28 05:30   258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
                                                    + 2010-06-10 12:22 . 2010-06-10 12:22   200192              c:\windows\Installer\be07f0b.msi
                                                    + 2010-02-25 04:14 . 2010-02-25 04:14   543232              c:\windows\Installer\be07e85.msp
                                                    + 2010-06-16 19:39 . 2010-06-16 19:39   454144              c:\windows\Installer\a68871.msi
                                                    + 2010-06-16 19:33 . 2010-06-16 19:33   356352              c:\windows\Installer\a6884b.msi
                                                    + 2010-06-16 19:32 . 2010-06-16 19:32   315392              c:\windows\Installer\a68843.msi
                                                    + 2010-06-16 19:32 . 2010-06-16 19:32   316928              c:\windows\Installer\a6883b.msi
                                                    + 2010-06-16 19:32 . 2010-06-16 19:32   356864              c:\windows\Installer\a68833.msi
                                                    + 2010-06-16 19:31 . 2010-06-16 19:31   359424              c:\windows\Installer\a6882b.msi
                                                    + 2010-06-16 19:31 . 2010-06-16 19:31   356352

                                                    ToniCarman

                                                      Topic Starter


                                                      Rookie

                                                      Re: Malware infection
                                                      « Reply #25 on: July 22, 2010, 02:05:24 PM »
                                                      I guess it is too long. I will copy in multiple posts.

                                                      + 2010-06-16 19:31 . 2010-06-16 19:31   356352              c:\windows\Installer\a68823.msi
                                                      + 2010-06-16 19:31 . 2010-06-16 19:31   316416              c:\windows\Installer\a6881b.msi
                                                      + 2010-06-11 23:07 . 2010-06-11 23:07   168960              c:\windows\Installer\843fc78.msp
                                                      + 2010-05-08 16:34 . 2010-05-08 16:34   881664              c:\windows\Installer\28fe89.msi
                                                      + 2009-01-28 18:22 . 2010-07-15 11:04   409600              c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
                                                      + 2010-06-10 12:19 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
                                                      + 2010-06-10 12:19 . 2009-05-26 09:01   231288              c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
                                                      + 2010-06-10 12:13 . 2007-07-28 03:11   382840              c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
                                                      + 2010-06-10 12:13 . 2007-07-28 03:11   231288              c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
                                                      + 2010-05-13 07:01 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
                                                      + 2010-05-13 07:01 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
                                                      + 2010-05-13 07:00 . 2008-04-11 19:04   691712              c:\windows\$NtUninstallKB978542$\inetcomm.dll
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
                                                      + 2010-06-10 12:12 . 2008-07-08 13:02   231288              c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
                                                      + 2010-06-10 11:52 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB982381-IE7\update\updspapi.dll
                                                      + 2010-06-10 11:52 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB982381-IE7\update\update.exe
                                                      + 2010-06-10 11:52 . 2008-07-08 13:02   231288              c:\windows\$hf_mig$\KB982381-IE7\spuninst.exe
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   841216              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   233472              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\webcheck.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   105984              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\url.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   102912              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\occache.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   671232              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mstime.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   193024              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msrating.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   477696              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtmled.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   459264              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeeds.dll
                                                      + 2010-04-16 11:08 . 2010-04-16 11:08   634648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   268288              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iertutil.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   193024              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iepeers.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   388608              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iedkcs32.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   380928              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dll
                                                      + 2010-04-16 11:06 . 2010-04-16 11:06   161792              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakui.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   230400              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieaksie.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   153088              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakeng.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   132608              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\extmgr.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   214528              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtrans.dll
                                                      + 2010-05-04 17:20 . 2010-05-04 17:20   347136              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtmsft.dll
                                                      + 2010-05-04 17:19 . 2010-05-04 17:19   124928              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\advpack.dll
                                                      + 2010-06-10 12:28 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB980218\update\updspapi.dll
                                                      + 2010-06-10 12:28 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB980218\update\update.exe
                                                      + 2010-06-10 12:28 . 2009-05-26 11:40   231288              c:\windows\$hf_mig$\KB980218\spuninst.exe
                                                      + 2010-04-20 05:37 . 2010-04-20 05:37   285824              c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
                                                      + 2010-06-10 12:23 . 2008-07-08 13:02   382840              c:\windows\$hf_mig$\KB980195\update\updspapi.dll
                                                      + 2010-06-10 12:23 . 2008-07-08 13:02   755576              c:\windows\$hf_mig$\KB980195\update\update.exe
                                                      + 2010-06-10 12:23 . 2008-07-08 13:02   231288              c:\windows\$hf_mig$\KB980195\spuninst.exe
                                                      + 2010-06-10 12:19 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB979559\update\updspapi.dll
                                                      + 2010-06-10 12:19 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB979559\update\update.exe
                                                      + 2010-06-10 12:19 . 2009-05-26 09:01   231288              c:\windows\$hf_mig$\KB979559\spuninst.exe
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB979482\update\updspapi.dll
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB979482\update\update.exe
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   231288              c:\windows\$hf_mig$\KB979482\spuninst.exe
                                                      + 2010-05-13 07:01 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB978542\update\updspapi.dll
                                                      + 2010-05-13 07:01 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB978542\update\update.exe
                                                      + 2010-05-13 07:01 . 2009-05-26 11:40   231288              c:\windows\$hf_mig$\KB978542\spuninst.exe
                                                      + 2010-01-29 14:53 . 2010-01-29 14:53   691712              c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB975562\update\updspapi.dll
                                                      + 2010-06-10 12:12 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB975562\update\update.exe
                                                      + 2010-06-10 12:12 . 2008-07-08 13:02   231288              c:\windows\$hf_mig$\KB975562\spuninst.exe
                                                      + 2009-06-26 23:07 . 2009-06-26 23:07   3780416              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90u.dll
                                                      + 2009-06-26 23:07 . 2009-06-26 23:07   3765048              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90.dll
                                                      + 2009-07-12 00:46 . 2009-07-12 00:46   1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
                                                      + 2009-07-12 00:46 . 2009-07-12 00:46   1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
                                                      + 2004-08-04 12:00 . 2010-04-06 08:52   2462720              c:\windows\system32\WMVCore.dll
                                                      - 2004-08-04 12:00 . 2010-03-11 12:38   1168384              c:\windows\system32\urlmon.dll
                                                      + 2004-08-04 12:00 . 2010-05-04 17:20   1168384              c:\windows\system32\urlmon.dll
                                                      + 2004-08-04 12:00 . 2010-02-05 18:27   1291776              c:\windows\system32\quartz.dll
                                                      - 2004-08-04 12:00 . 2009-11-27 17:11   1291776              c:\windows\system32\quartz.dll
                                                      + 2004-08-04 12:00 . 2010-05-04 17:20   3600384              c:\windows\system32\mshtml.dll
                                                      + 2009-07-18 03:21 . 2010-06-16 20:25   5537232              c:\windows\system32\Macromed\Flash\NPSWF32.dll
                                                      - 2007-08-14 02:54 . 2010-03-11 12:38   6067200              c:\windows\system32\ieframe.dll
                                                      + 2007-08-14 02:54 . 2010-05-04 17:20   6067200              c:\windows\system32\ieframe.dll
                                                      + 2009-01-28 04:53 . 2010-07-14 16:27   4429288              c:\windows\system32\FNTCACHE.DAT
                                                      + 2004-08-04 12:00 . 2010-04-06 08:52   2462720              c:\windows\system32\dllcache\WMVCore.dll
                                                      + 2009-01-28 14:48 . 2010-05-02 05:22   1851264              c:\windows\system32\dllcache\win32k.sys
                                                      - 2007-08-14 02:54 . 2010-03-11 12:38   1168384              c:\windows\system32\dllcache\urlmon.dll
                                                      + 2007-08-14 02:54 . 2010-05-04 17:20   1168384              c:\windows\system32\dllcache\urlmon.dll
                                                      + 2008-05-07 05:12 . 2010-02-05 18:27   1291776              c:\windows\system32\dllcache\quartz.dll
                                                      - 2008-05-07 05:12 . 2009-11-27 17:11   1291776              c:\windows\system32\dllcache\quartz.dll
                                                      - 2009-08-12 21:03 . 2009-07-10 13:27   1315328              c:\windows\system32\dllcache\msoe.dll
                                                      + 2009-08-12 21:03 . 2010-01-29 15:01   1315328              c:\windows\system32\dllcache\msoe.dll
                                                      + 2007-08-14 02:54 . 2010-05-04 17:20   3600384              c:\windows\system32\dllcache\mshtml.dll
                                                      - 2009-01-28 15:29 . 2010-03-11 12:38   6067200              c:\windows\system32\dllcache\ieframe.dll
                                                      + 2009-01-28 15:29 . 2010-05-04 17:20   6067200              c:\windows\system32\dllcache\ieframe.dll
                                                      + 2009-11-07 05:06 . 2009-11-07 05:06   1130824              c:\windows\system32\dfshim.dll
                                                      + 2010-04-08 03:48 . 2010-04-08 03:48   5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
                                                      - 2008-11-25 12:59 . 2008-11-25 12:59   5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
                                                      + 2010-03-23 09:32 . 2010-03-23 09:32   5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
                                                      + 2010-03-23 09:32 . 2010-03-23 09:32   3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
                                                      - 2008-05-28 05:35 . 2008-05-28 05:35   1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
                                                      + 2010-04-01 15:42 . 2010-04-01 15:42   1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
                                                      - 2008-05-28 05:35 . 2008-05-28 05:35   1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
                                                      + 2010-04-01 15:42 . 2010-04-01 15:42   1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
                                                      - 2008-05-28 04:48 . 2008-05-28 04:48   2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
                                                      + 2010-03-31 18:50 . 2010-03-31 18:50   2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
                                                      + 2010-03-31 18:50 . 2010-03-31 18:50   2527232              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
                                                      - 2008-05-28 04:43 . 2008-05-28 04:43   2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
                                                      + 2010-04-01 15:42 . 2010-04-01 15:42   2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
                                                      + 2010-06-16 20:25 . 2010-06-16 20:25   1093120              c:\windows\Installer\d825a5.msi
                                                      + 2010-05-03 20:27 . 2010-05-03 20:27   6825472              c:\windows\Installer\be07f42.msp
                                                      + 2010-05-03 20:11 . 2010-05-03 20:11   4149760              c:\windows\Installer\be07ee7.msp
                                                      + 2010-05-05 02:25 . 2010-05-05 02:25   7681024              c:\windows\Installer\be07ed1.msp
                                                      + 2010-05-10 21:17 . 2010-05-10 21:17   5520896              c:\windows\Installer\be07ebb.msp
                                                      + 2010-04-12 02:17 . 2010-04-12 02:17   2607104              c:\windows\Installer\be07e94.msp
                                                      + 2010-04-12 02:17 . 2010-04-12 02:17   4210688              c:\windows\Installer\be07e93.msp
                                                      + 2010-04-24 21:10 . 2010-04-24 21:10   8486400              c:\windows\Installer\be07e74.msp
                                                      + 2010-05-03 20:06 . 2010-05-03 20:06   5053952              c:\windows\Installer\be07e69.msp
                                                      + 2010-06-16 19:43 . 2010-06-16 19:43   1093120              c:\windows\Installer\a68889.msi
                                                      + 2009-10-16 22:07 . 2009-10-16 22:07   6115328              c:\windows\Installer\4b9138a.msp
                                                      + 2010-04-21 21:46 . 2010-04-21 21:46   5522432              c:\windows\Installer\4b91374.msp
                                                      + 2010-07-14 13:26 . 2010-07-14 13:26   6483968              c:\windows\Installer\47ec359.msi
                                                      + 2009-11-09 04:25 . 2009-11-09 04:25   1935360              c:\windows\Installer\43767ad.msp
                                                      + 2010-05-25 15:45 . 2010-05-25 15:45   8445440              c:\windows\Installer\3fb686e.msp
                                                      + 2010-07-01 02:52 . 2010-07-01 02:52   5522944              c:\windows\Installer\3fb6857.msp
                                                      + 2010-07-17 14:01 . 2010-07-17 14:01   1904640              c:\windows\Installer\24ef50.msi
                                                      + 2009-01-30 07:03 . 2010-07-13 16:53   3777536              c:\windows\Installer\12178a.msi
                                                      - 2009-01-30 07:03 . 2010-04-14 23:13   3777536              c:\windows\Installer\12178a.msi
                                                      + 2010-06-10 11:51 . 2010-03-11 12:38   1168384              c:\windows\ie7updates\KB982381-IE7\urlmon.dll
                                                      + 2010-06-10 11:51 . 2010-03-11 12:38   3599872              c:\windows\ie7updates\KB982381-IE7\mshtml.dll
                                                      + 2010-06-10 11:52 . 2010-03-11 12:38   6067200              c:\windows\ie7updates\KB982381-IE7\ieframe.dll
                                                      + 2009-01-28 15:38 . 2009-01-28 15:38   5283840              c:\windows\assembly\temp\PCP2T7DR5Y\PresentationFramework.dll
                                                      + 2009-01-28 15:35 . 2009-01-28 15:35   4210688              c:\windows\assembly\temp\4CMKJJJJJJ\PresentationCore.dll
                                                      + 2009-01-28 15:35 . 2009-01-28 15:35   1245184              c:\windows\assembly\temp\0ILZDDDDDD\WindowsBase.dll
                                                      + 2010-06-10 12:23 . 2010-06-10 12:23   1966080              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f636947c\System.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   4792320              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_79ae7e92\System.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   5513216              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c444e089\System.Xml.dll
                                                      + 2010-06-10 12:23 . 2010-06-10 12:23   2088960              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_66bef7e9\System.Xml.dll
                                                      + 2010-06-10 12:23 . 2010-06-10 12:23   3018752              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b54f8c9d\System.Windows.Forms.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   7884800              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6b5a1c44\System.Windows.Forms.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   2244608              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_09d267e4\System.Drawing.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   3395584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b8fadec9\System.Design.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   1470464              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_297bc57f\System.Design.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   8908800              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d460f315\mscorlib.dll
                                                      + 2010-06-10 12:24 . 2010-06-10 12:24   3391488              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7590502d\mscorlib.dll
                                                      + 2010-06-10 12:27 . 2010-06-10 12:27   6392832              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\af8ff11dbab485d5d13323bbf6a5be79\WindowsLive.Writer.PostEditor.ni.dll
                                                      + 2010-06-10 12:28 . 2010-06-10 12:28   2002432              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\590ced109c1eb276203e1561a695ab99\WindowsLive.Writer.CoreServices.ni.dll
                                                      + 2010-06-10 12:29 . 2010-06-10 12:29   1105920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0654d7056eddd323f13f38ff67325ca7\WindowsLive.Writer.ApplicationFramework.ni.dll
                                                      + 2010-06-10 12:10 . 2010-06-10 12:10   3313664              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
                                                      + 2010-06-24 07:08 . 2010-06-24 07:08   3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
                                                      + 2010-06-24 07:11 . 2010-06-24 07:11   1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
                                                      + 2010-06-10 12:20 . 2010-06-10 12:20   1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
                                                      + 2010-06-10 12:09 . 2010-06-10 12:09   7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
                                                      + 2010-06-10 12:20 . 2010-06-10 12:20   5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
                                                      + 2010-06-10 12:32 . 2010-06-10 12:32   1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
                                                      + 2010-06-10 12:32 . 2010-06-10 12:32   1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
                                                      + 2010-06-10 12:31 . 2010-06-10 12:31   4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
                                                      + 2010-06-10 12:31 . 2010-06-10 12:31   2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
                                                      + 2010-06-10 12:29 . 2010-06-10 12:29   1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
                                                      + 2010-06-10 12:31 . 2010-06-10 12:31   2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
                                                      + 2010-06-10 12:31 . 2010-06-10 12:31   2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
                                                      + 2010-06-10 12:19 . 2010-06-10 12:19   1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
                                                      + 2010-06-10 12:31 . 2010-06-10 12:31   1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
                                                      + 2010-06-10 12:25 . 2010-06-10 12:25   2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
                                                      + 2010-06-24 07:11 . 2010-06-24 07:11   1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
                                                      + 2010-06-10 12:19 . 2010-06-10 12:19   1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
                                                      + 2010-06-10 12:25 . 2010-06-10 12:25   1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
                                                      + 2010-06-10 12:18 . 2010-06-10 12:18   1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
                                                      + 2010-06-10 12:29 . 2010-06-10 12:29   1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
                                                      + 2010-06-10 12:28 . 2010-06-10 12:28   1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
                                                      + 2010-06-10 12:16 . 2010-06-10 12:16   6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
                                                      + 2010-06-10 12:27 . 2010-06-10 12:27   2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
                                                      + 2010-06-10 12:31 . 2010-06-10 12:31   1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
                                                      + 2010-06-10 12:29 . 2010-06-10 12:29   1115136              c:\windows\assembly\NativeImages_v2.0.5072

                                                      ToniCarman

                                                        Topic Starter


                                                        Rookie

                                                        Re: Malware infection
                                                        « Reply #26 on: July 22, 2010, 02:08:50 PM »
                                                        .
                                                        -- Snapshot reset to current date --
                                                        .
                                                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                        .
                                                        .
                                                        *Note* empty entries & legit default entries are not shown
                                                        REGEDIT4

                                                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
                                                        2010-05-26 19:23   1385864   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

                                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                                                        "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

                                                        [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
                                                        [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
                                                        [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
                                                        [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

                                                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                                                        "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

                                                        [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
                                                        [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
                                                        [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
                                                        [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

                                                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
                                                        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

                                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
                                                        "nwiz"="nwiz.exe" [2008-09-18 1657376]
                                                        "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
                                                        "SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
                                                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
                                                        "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 181488]
                                                        "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-05-28 230736]
                                                        "cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-01-28 771312]
                                                        "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-01-28 173296]
                                                        "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-01-28 259312]
                                                        "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-01-28 14088]
                                                        "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
                                                        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
                                                        "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
                                                        "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
                                                        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
                                                        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
                                                        "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
                                                        "CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
                                                        "Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
                                                        "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]

                                                        c:\documents and settings\Toni\Start Menu\Programs\Startup\
                                                        Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

                                                        c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                                        Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
                                                        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
                                                        Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

                                                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                                        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

                                                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
                                                        2007-05-18 21:30   79368   ----a-w-   c:\windows\system32\UmxWNP.dll

                                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
                                                        @="Service"

                                                        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                                                        "AntiVirusOverride"=dword:00000001
                                                        "FirewallOverride"=dword:00000001

                                                        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
                                                        "DisableMonitoring"=dword:00000001

                                                        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
                                                        "DisableMonitoring"=dword:00000001

                                                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                                        "EnableFirewall"= 0 (0x0)
                                                        "DisableNotifications"= 1 (0x1)

                                                        ToniCarman

                                                          Topic Starter


                                                          Rookie

                                                          Re: Malware infection
                                                          « Reply #27 on: July 22, 2010, 02:09:22 PM »
                                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                                          "%windir%\\system32\\sessmgr.exe"=
                                                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                                          "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                                                          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                                                          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                                          "c:\\Program Files\\iTunes\\iTunes.exe"=
                                                          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                                                          "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                                                          "c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
                                                          "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
                                                          "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

                                                          R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 11:08 PM 93712]
                                                          R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 7:20 PM 64288]
                                                          R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/11/2010 8:42 AM 21488]
                                                          R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/11/2010 8:42 AM 15856]
                                                          R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 11:08 PM 63504]
                                                          R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 11:08 PM 45584]
                                                          R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/11/2010 8:42 AM 25584]
                                                          R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
                                                          R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 6:40 PM 127352]
                                                          R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 11:08 PM 134648]
                                                          R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 11:08 PM 66576]
                                                          R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
                                                          R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 2:24 PM 1010192]
                                                          R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 2:24 PM 801296]
                                                          R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 11:10 PM 281104]
                                                          R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 11:08 PM 88816]
                                                          R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/28/2009 2:24 PM 185680]
                                                          S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 11:08 PM 115216]
                                                          S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2010 1:27 PM 136176]
                                                          S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
                                                          S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
                                                          .
                                                          Contents of the 'Scheduled Tasks' folder

                                                          2010-07-22 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
                                                          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                                          2010-07-22 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
                                                          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                                          2010-07-22 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
                                                          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                                          2010-07-22 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
                                                          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                                          2010-07-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
                                                          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                                          2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
                                                          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

                                                          2010-06-23 c:\windows\Tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job
                                                          - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-01-28 10:53]

                                                          2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                                          - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 17:26]

                                                          2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                                          - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 17:26]

                                                          2010-07-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
                                                          - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
                                                          .
                                                          .
                                                          ------- Supplementary Scan -------
                                                          .
                                                          uLocal Page = \blank.htm
                                                          uStart Page = hxxp://www.google.com/
                                                          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                          LSP: c:\windows\system32\VetRedir.dll
                                                          FF - ProfilePath - c:\documents and settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\
                                                          FF - prefs.js: browser.search.selectedEngine - Ask
                                                          FF - prefs.js: browser.startup.homepage - www.google.com
                                                          FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
                                                          FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
                                                          FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
                                                          FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
                                                          FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                                                          FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                                                          FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
                                                          FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
                                                          FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
                                                          FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
                                                          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                                          ---- FIREFOX POLICIES ----
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                                                          c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
                                                          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                                                          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                                                          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                                                          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
                                                          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
                                                          .
                                                          - - - - ORPHANS REMOVED - - - -

                                                          BHO-{675B23E3-279D-4AEF-B6F7-5783DA94959C} - c:\windows\system32\hbfqp.dll
                                                          BHO-{6892BD80-AD3F-4F86-BF67-05DDFC491C6E} - c:\windows\system32\lbfqp.dll
                                                          HKCU-Run-Usorijaxesab - c:\windows\dimspstl.dll
                                                          AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe



                                                          **************************************************************************

                                                          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                                          Rootkit scan 2010-07-22 02:19
                                                          Windows 5.1.2600 Service Pack 3 NTFS

                                                          scanning hidden processes ... 

                                                          scanning hidden autostart entries ...

                                                          scanning hidden files ... 

                                                          scan completed successfully
                                                          hidden files: 0

                                                          **************************************************************************
                                                          .
                                                          --------------------- LOCKED REGISTRY KEYS ---------------------

                                                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                                                          @Denied: (A 2) (Everyone)
                                                          @="FlashBroker"
                                                          "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

                                                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                                                          "Enabled"=dword:00000001

                                                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                                                          @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

                                                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                                                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

                                                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                                                          @Denied: (A 2) (Everyone)
                                                          @="IFlashBroker4"

                                                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                                                          @="{00020424-0000-0000-C000-000000000046}"

                                                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                                                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                                          "Version"="1.0"
                                                          .
                                                          --------------------- DLLs Loaded Under Running Processes ---------------------

                                                          - - - - - - - > 'winlogon.exe'(712)
                                                          c:\windows\system32\UmxWnp.Dll
                                                          c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
                                                          c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
                                                          c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

                                                          - - - - - - - > 'explorer.exe'(4608)
                                                          c:\windows\system32\WININET.dll
                                                          c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
                                                          c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
                                                          c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
                                                          c:\windows\system32\ieframe.dll
                                                          c:\windows\system32\WPDShServiceObj.dll
                                                          c:\windows\system32\PortableDeviceTypes.dll
                                                          c:\windows\system32\PortableDeviceApi.dll
                                                          .
                                                          ------------------------ Other Running Processes ------------------------
                                                          .
                                                          c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
                                                          c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
                                                          c:\program files\Bonjour\mDNSResponder.exe
                                                          c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
                                                          c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
                                                          c:\program files\Java\jre6\bin\jqs.exe
                                                          c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                                                          c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                                                          c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                                          c:\windows\system32\nvsvc32.exe
                                                          c:\windows\system32\HPZipm12.exe
                                                          c:\windows\RTHDCPL.EXE
                                                          c:\windows\system32\RUNDLL32.EXE
                                                          c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
                                                          c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
                                                          c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                                                          c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                                                          c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
                                                          c:\windows\system32\SearchIndexer.exe
                                                          c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                                                          c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
                                                          c:\program files\Canon\CAL\CALMAIN.exe
                                                          c:\windows\system32\wbem\unsecapp.exe
                                                          c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
                                                          c:\program files\iPod\bin\iPodService.exe
                                                          .
                                                          **************************************************************************
                                                          .
                                                          Completion time: 2010-07-22  02:23:33 - machine was rebooted
                                                          ComboFix-quarantined-files.txt  2010-07-22 06:23
                                                          ComboFix2.txt  2010-04-16 12:27
                                                          ComboFix3.txt  2010-04-16 12:16
                                                          ComboFix4.txt  2010-04-15 11:59

                                                          Pre-Run: 108,868,366,336 bytes free
                                                          Post-Run: 108,861,652,992 bytes free

                                                          - - End Of File - - 5D4E06B3AA9DEF8BD66DE6468C4CB7D0

                                                          Sneakyone

                                                          • Malware Removal Specialist


                                                          • Beginner

                                                            Thanked: 5
                                                            Re: Malware infection
                                                            « Reply #28 on: July 22, 2010, 03:01:29 PM »
                                                            Hi, :)

                                                            Please download Malwarebytes Anti-Malware from Here.
                                                             

                                                            Double Click mbam-setup.exe to install the application.
                                                            • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
                                                            • If an update is found, it will download and install the latest version.
                                                            • Once the program has loaded, select "Perform Quick Scan", then click Scan.
                                                            • The scan may take some time to finish, so please be patient.
                                                            • When the scan is complete, click OK, then Show Results to view the results.
                                                            • Make sure that everything is checked, and click Remove Selected.
                                                            • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
                                                            • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                                                            • Copy and paste the entire report in your next reply.
                                                            Extra Note:
                                                            If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

                                                            ToniCarman

                                                              Topic Starter


                                                              Rookie

                                                              Re: Malware infection
                                                              « Reply #29 on: July 22, 2010, 05:56:53 PM »
                                                              Malwarebytes' log:


                                                               Malwarebytes' Anti-Malware 1.46
                                                              www.malwarebytes.org

                                                              Database version: 4339

                                                              Windows 5.1.2600 Service Pack 3
                                                              Internet Explorer 7.0.5730.13

                                                              7/22/2010 7:58:40 PM
                                                              mbam-log-2010-07-22 (19-58-40).txt

                                                              Scan type: Quick scan
                                                              Objects scanned: 143606
                                                              Time elapsed: 6 minute(s), 21 second(s)

                                                              Memory Processes Infected: 0
                                                              Memory Modules Infected: 0
                                                              Registry Keys Infected: 5
                                                              Registry Values Infected: 0
                                                              Registry Data Items Infected: 0
                                                              Folders Infected: 0
                                                              Files Infected: 0

                                                              Memory Processes Infected:
                                                              (No malicious items detected)

                                                              Memory Modules Infected:
                                                              (No malicious items detected)

                                                              Registry Keys Infected:
                                                              HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
                                                              HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
                                                              HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
                                                              HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
                                                              HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

                                                              Registry Values Infected:
                                                              (No malicious items detected)

                                                              Registry Data Items Infected:
                                                              (No malicious items detected)

                                                              Folders Infected:
                                                              (No malicious items detected)

                                                              Files Infected:
                                                              (No malicious items detected)

                                                              Sneakyone

                                                              • Malware Removal Specialist


                                                              • Beginner

                                                                Thanked: 5
                                                                Re: Malware infection
                                                                « Reply #30 on: July 22, 2010, 10:20:08 PM »
                                                                Hi, :)

                                                                Please run a free online scan with the ESET Online Scanner
                                                                Note: You will need to use Internet Explorer for this scan
                                                                • Tick the box next to YES, I accept the Terms of Use
                                                                • Click Start
                                                                • When asked, allow the ActiveX control to install
                                                                • Click Start
                                                                • Make sure that the options Remove found threats and Scan unwanted applications are checked
                                                                • Click Scan (This scan can take several hours, so please be patient)
                                                                • Once the scan is completed, you may close the window
                                                                • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                                                                • Copy and paste that log as a reply to this topic

                                                                tonicarman1

                                                                • Guest
                                                                Re: Malware infection
                                                                « Reply #31 on: July 23, 2010, 07:29:29 AM »
                                                                (using different user name with my PC since I can finally access internet but couldn't remember my password.)

                                                                ESET log


                                                                ESETSmartInstaller@High as downloader log:
                                                                all ok
                                                                # version=7
                                                                # OnlineScannerApp.exe=1.0.0.1
                                                                # OnlineScanner.ocx=1.0.0.6211
                                                                # api_version=3.0.2
                                                                # EOSSerial=aef952102e80e24ca3c1b4fa800419eb
                                                                # end=finished
                                                                # remove_checked=true
                                                                # archives_checked=false
                                                                # unwanted_checked=true
                                                                # unsafe_checked=false
                                                                # antistealth_checked=true
                                                                # utc_time=2010-04-13 08:32:36
                                                                # local_time=2010-04-13 04:32:36 (-0500, Eastern Daylight Time)
                                                                # country="United States"
                                                                # lang=1033
                                                                # osver=5.1.2600 NT Service Pack 3
                                                                # compatibility_mode=4864 16777179 100 0 37048807 37048807 0 0
                                                                # compatibility_mode=8192 67108863 100 0 0 0 0 0
                                                                # scanned=317340
                                                                # found=1
                                                                # cleaned=1
                                                                # scan_time=13693
                                                                C:\Program Files\NoAdware5.0\NoAdware5.exe   probably a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                # version=7
                                                                # iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
                                                                # OnlineScanner.ocx=1.0.0.6211
                                                                # api_version=3.0.2
                                                                # EOSSerial=aef952102e80e24ca3c1b4fa800419eb
                                                                # end=finished
                                                                # remove_checked=true
                                                                # archives_checked=false
                                                                # unwanted_checked=true
                                                                # unsafe_checked=false
                                                                # antistealth_checked=true
                                                                # utc_time=2010-07-23 01:04:13
                                                                # local_time=2010-07-23 09:04:13 (-0500, Eastern Daylight Time)
                                                                # country="United States"
                                                                # lang=1033
                                                                # osver=5.1.2600 NT Service Pack 3
                                                                # compatibility_mode=4864 16777191 100 0 45798272 45798272 0 0
                                                                # compatibility_mode=8192 67108863 100 0 7828046 7828046 0 0
                                                                # scanned=260953
                                                                # found=17
                                                                # cleaned=17
                                                                # scan_time=6940
                                                                C:\Qoobox\Quarantine\C\Documents and Settings\Toni\Application Data\09f7619a.exe.vir   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\Qoobox\Quarantine\C\Documents and Settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe.vir   Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0114830.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0114836.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0114843.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0114849.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0114878.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0122226.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0122228.exe   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\WINDOWS\system32\spool\prtprocs\w32x86\aAA17eI.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ17cEI7q.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\_OTL\MovedFiles\07212010_071812\C_Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe   a variant of Win32/Kryptik.FOE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\_OTL\MovedFiles\07212010_071812\C_Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe   Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\_OTL\MovedFiles\07212010_071812\C_Documents and Settings\Toni\Local Settings\temp\Gz1.exe   Win32/TrojanDownloader.FakeAlert.BBB trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\_OTL\MovedFiles\07212010_071812\C_WINDOWS\anuyuvasaxoga.dll   a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                                                                C:\_OTL\MovedFiles\07212010_071812\C_WINDOWS\dimspstl.dll   a variant of Win32/Cimag.CW trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

                                                                Sneakyone

                                                                • Malware Removal Specialist


                                                                • Beginner

                                                                  Thanked: 5
                                                                  Re: Malware infection
                                                                  « Reply #32 on: July 23, 2010, 12:27:16 PM »
                                                                  Hi, :)

                                                                  Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

                                                                  Updating System Restore
                                                                  Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
                                                                  • Select Start > All Programs > Accessories > System tools > System Restore.
                                                                  • On the dialogue box that appears select Create a Restore Point
                                                                  • Click NEXT
                                                                  • Enter a name e.g. Clean
                                                                  • Click CREATE.
                                                                  You now have a clean restore point.

                                                                  To get rid of the bad ones:
                                                                  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
                                                                  • In the Drop down box that appears select your main drive e.g. C
                                                                  • Click OK
                                                                  • The System will do a calculation of temporary/old files, and then display a dialogue box.
                                                                  • Select the More Options Tab.
                                                                  • At the bottom will be a System Restore box with a CLEANUP button; click this.
                                                                  • Accept the Warning and select OK again, the program will close and you are done.
                                                                  ========

                                                                  Removing the tools
                                                                  Now, to remove all of the tools we used and the files and folders they created, please do the following:

                                                                  Download OTC.exe by OldTimer:
                                                                  • Save it to your Desktop.
                                                                  • Double click OTC.exe.
                                                                  • Click the CleanUp! button.
                                                                  • If you are prompted to Reboot during the cleanup, select Yes.
                                                                  • The tool will delete itself once it finishes.
                                                                    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                                                  ============

                                                                  Service Pack upgrade
                                                                  Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

                                                                  More info about SP3: Here

                                                                  =====

                                                                  Update Programs
                                                                  Please download the newest version of Adobe Acrobat Reader from Adobe.com

                                                                  Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                                                                  Go to the Control Panel and enter Add or Remove Programs.
                                                                  Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                                                                  Once old versions are gone, please install the newest version.



                                                                  Please download the newest version of Java from Java.com.

                                                                  Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
                                                                  Go to the Control Panel and enter Add or Remove Programs.
                                                                  Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

                                                                  Once old versions are gone, please install the newest version.

                                                                  =========

                                                                  Here are some prevention tips I have provided:

                                                                  1. Don't download files from untrusted websites or websites that seem suspicious.

                                                                  2. Don't use torrents; they are a good way to get lots of malware.

                                                                  3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

                                                                  4. Disable autorun XP or Vista/7 

                                                                  5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

                                                                  6. Don't ever click on the links inside of a popup.

                                                                  7. Make sure you know what you install; you can make sure it is not known for being a virus by just simply searching about it on Google.

                                                                  8. Use a Site Advisor so you don't go to sites that will infect you. McAfee SiteAdvisor

                                                                  9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you more safe.

                                                                  10. Always keep your Java and Adobe updated. 

                                                                  11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

                                                                  12. Always have a Firewall and an Antivirus.

                                                                  Thanks for choosing Computerhope,

                                                                  Happy Internet surfing! :)
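
The scan log posted earlier in the thread shows why both cleanup steps in the reply above matter: detections sat inside System Restore points and inside OTL's MovedFiles folder as well as in live Windows paths. The following is an added example, not part of the original post or of any tool used in this thread; it sorts log lines by location, using four lines copied from that log, and the function and label names are this example's own.

```python
import re
from collections import Counter

# Four lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP503\A0122228.exe   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\WINDOWS\system32\spool\prtprocs\w32x86\aAA17eI.dll   a variant of Win32/Kryptik.FIX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\07212010_071812\C_WINDOWS\dimspstl.dll   a variant of Win32/Cimag.CW trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\_OTL\MovedFiles\07212010_071812\C_Documents and Settings\Toni\Local Settings\temp\Gz1.exe   Win32/TrojanDownloader.FakeAlert.BBB trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
"""

# Location labels are this example's own; each maps to a step from the reply.
LOCATIONS = [
    ("restore_point", re.compile(
        r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)),
    ("otl_moved", re.compile(r"^[A-Z]:\\_OTL\\MovedFiles\\", re.I)),
]
FOLLOW_UP = {
    "restore_point": "flush old restore points (Disk Cleanup > More Options)",
    "otl_moved": "remove tool leftovers (OTC CleanUp!)",
    "live": "live path; neither cleanup step covers it",
}

def parse_line(line):
    """Split one log row into path, threat name, action and location class."""
    fields = re.split(r"\t+|\s{2,}", line.strip())
    if len(fields) < 2 or not re.match(r"^[A-Za-z]:\\", fields[0]):
        return None  # blank line or not a detection row
    path, verdict = fields[0], fields[1]
    threat = re.match(r"^(?:a variant of )?(\S+)", verdict).group(1)
    action = re.search(r"\(([^)]*)\)\s*$", verdict)
    location = next((name for name, rx in LOCATIONS if rx.match(path)), "live")
    return {"path": path, "threat": threat, "location": location,
            "action": action.group(1) if action else ""}

def summarize(log_text):
    """Return the parsed detections and a count per location class."""
    hits = [h for h in map(parse_line, log_text.splitlines()) if h]
    return hits, Counter(h["location"] for h in hits)

if __name__ == "__main__":
    hits, counts = summarize(SAMPLE_LOG)
    for location, n in counts.most_common():
        print(f"{n} detection(s) in {location}: {FOLLOW_UP[location]}")
    for h in hits:
        print(f"  [{h['location']}] {h['threat']} ({h['action']})")
```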



                                                                  ToniCarman

                                                                    Topic Starter


                                                                    Rookie

                                                                    Re: Malware infection
                                                                    « Reply #33 on: July 23, 2010, 01:13:50 PM »
                                                                    Thank you so much for your time!!


                                                                    Sneakyone

                                                                    • Malware Removal Specialist


                                                                    • Beginner

                                                                      Thanked: 5
                                                                      Re: Malware infection
                                                                      « Reply #34 on: July 23, 2010, 01:30:56 PM »
                                                                      You're welcome, glad to help. :)