Articles

Redirect Virus

April 10, 2010 at 16:38:12
Specs: Windows XP

I am desperate for some help wit this. I normally can get these things fixed but this one is real stubborn.
Not only do most search engine links redirect to other sites, but it seems that this virus (or whatever it is) also disable many sites from working at all! Particularly anything with virus removal information. computing.net is one of many I checked for help with this on and is actually the only one that works. Bleepingcomputer is disabled, as well as many many other tech forums.
On top of that, it is also not allowing me to download some helpful programs. I have tried malwarebytes, kapersky, avast and even F-secure's online scanner among others. All disabled. Just instantly says site cant be found. All other non-virus related sites are working optimally on my computer.
Fortunately I already have HijackThis and even combofix if needed (although may be an older version?)
Please any help would be immensely appreciated!

-ex programmer so feel free to get technical if necessary.


See More: Redirect Virus

Report •


#1
April 10, 2010 at 17:37:52

We need to look at the system so DDS will do that for us, please post those logs.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please.You may need to post in segments to get all the info to us as the logs may be to large to fit in one post.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller

1. Extract the contents of TDSSKiller.zip to your Desktop.

2. Double click on TDSSKiller.exe to run it.

3. If it finds something and asks you what to do, follow the instructions to type in "delete".

4. When done, a log file should be created on your C: drive called TDSSKiller.txt(with time+date appended) please post this log in your next reply.


Report •

#2
April 11, 2010 at 00:16:24

Unfortunately, I have lost access to bleepingcomputer and kapersky as I stated previously. So I am unable to download either one of those apps. Even if I copy and paste in the url I still get a "server not found" error. The virus/malware seems to have targeted any tech forums and anti-virus/anti-malware sites. Computing.net miraculously still works on my machine.
Sorry if this makes things near impossible to fix. Any other suggestions? Again, I appreciate any help you can give me.

Report •

#3
April 11, 2010 at 01:45:12

I guess I could download them onto a usb drive when I go to a friends' or family's house?

Report •

Related Solutions

#4
April 11, 2010 at 01:57:18

Or maybe booting in safe mode with networking enabled?

Report •

#5
April 11, 2010 at 06:48:44

Try your second suggestion first.

Report •

#6
April 11, 2010 at 07:23:19

These may be downloadable for you, if so post their logs please.

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.

Under the Custom Scans/Fixes box at the bottom, paste in text between the X's
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[resethosts]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Post the contents of that Notepad document in your next reply.


Report •

#7
April 11, 2010 at 23:27:32

I hope you still prefer your first suggestion because before I could read your second one, I went ahead and booted in safe mode and was able to download both dds and tdsskiller. Here are all 3 .txt's. These scans were done with me booted back in normal mode.

If its not too much to ask, I would love it if you might possibly have any input on some of the files you'll see that I've quarantined in that attach.txt file. Particularly those weird, gibberish dll's. Am I just paranoid?

DDS (Ver_10-03-17.01) - NTFSx86
Run by Us We at 2:03:20.12 on 12/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.676 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k rpcSsc
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ZoneTick\timesync.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Us We\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\us we\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\documents and settings\us we\start menu\programs\startup\PowerReg Scheduler.exe
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: <NO NAME> =
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179516452843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179518563198
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.phreik.com/controls/msnchat45.cab
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli scad87.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\uswe~1\applic~1\mozilla\firefox\profiles\ik8rcpim.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - component: c:\documents and settings\us we\application data\mozilla\firefox\profiles\ik8rcpim.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F1590D81-A7F5-4F4F-9048-21BC9D7B3611} - c:\documents and settings\us we\local settings\application data\{F1590D81-A7F5-4F4F-9048-21BC9D7B3611}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-10 64160]
R1 dmoko;Driver Shortcut VMware Thumbnail for;c:\windows\system32\drivers\ndisoko.sys [2008-7-20 32768]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-11 54752]
R2 ipokoraid;Publisher Office Terminal Property Aladdin Temporary ExtractIcon;c:\windows\system32\svchost.exe -k rpcSsc [2003-7-16 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 ZTime;ZoneTick Time;c:\program files\zonetick\timesync.exe [2009-6-28 241664]
S2 gupdate1ca09be6c2bae9e;Google Update Service (gupdate1ca09be6c2bae9e);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MTK;Media Technology Kernel Driver; [x]

=============== Created Last 30 ================

2010-04-11 07:46:32 0 d-----w- c:\program files\VS Revo Group
2010-04-01 05:08:41 0 d-----w- c:\docume~1\uswe~1\applic~1\runic games
2010-04-01 05:02:15 0 d-----w- c:\program files\Runic Games
2010-03-27 02:59:58 20992 ----a-w- c:\windows\bw-uninstall.exe
2010-03-17 06:16:01 411368 ----a-w- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2010-04-12 05:33:59 5359 ----a-w- c:\program files\hijackthis.log
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-24 12:53:04 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-08-11 07:15:51 794 ----a-w- c:\program files\License.txt
2009-08-11 07:15:51 6293 ----a-w- c:\program files\readme.txt
2009-08-11 07:15:51 610636 ----a-w- c:\program files\HOSTS
2009-08-11 07:15:51 1615 ----a-w- c:\program files\mvps.bat
2009-08-11 07:15:51 1384 ----a-w- c:\program files\PrivacyPolicy.txt
2009-04-04 02:58:10 897664 ----a-w- c:\program files\setup.exe
2005-02-16 16:06:16 218112 ----a-w- c:\program files\HijackThis.exe
2008-12-02 23:45:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat

============= FINISH: 2:04:10.00 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 17/05/2007 1:34:03 PM
System Uptime: 04/12/2010 2:01:12 AM (-5664 hours ago)

Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 32.629 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 74 GiB total, 10.768 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
Service:

==== System Restore Points ===================

RP1: 27/08/2009 6:00:33 AM - Software Distribution Service 3.0
RP2: 02/09/2009 6:00:26 AM - Software Distribution Service 3.0
RP3: 04/09/2009 11:17:11 PM - Installed XP Home Permissions Manager
RP4: 05/09/2009 10:43:18 PM - Installed DirectX
RP5: 05/09/2009 10:44:33 PM - Installed Nero 8
RP6: 09/09/2009 6:00:53 AM - Software Distribution Service 3.0
RP7: 10/09/2009 4:51:50 PM - Installed Windows XP Wdf01007.
RP8: 27/09/2009 12:36:37 AM - Installed Rome - Total War
RP9: 27/09/2009 6:51:15 PM - Removed Dealio Toolbar v4.0.1.
RP10: 27/09/2009 7:01:34 PM - Removed Nero 8
RP11: 27/09/2009 7:06:13 PM - Removed Rome - Total War
RP12: 27/09/2009 7:31:20 PM - Removed Nero 8
RP13: 09/10/2009 3:29:35 PM - Installed DirectX
RP14: 09/10/2009 4:39:44 PM - Software Distribution Service 3.0
RP15: 10/10/2009 6:01:02 AM - Software Distribution Service 3.0
RP16: 11/10/2009 6:02:39 AM - Software Distribution Service 3.0
RP17: 14/10/2009 6:00:33 AM - Software Distribution Service 3.0
RP18: 17/10/2009 9:06:44 PM - Installed Oblivion
RP19: 17/10/2009 9:16:33 PM - Installed DirectX 9.0
RP20: 17/10/2009 9:48:22 PM - Installed Oblivion - Knights of the Nine
RP21: 17/10/2009 9:49:14 PM - Installed Oblivion - Horse Armor Pack
RP22: 17/10/2009 9:49:31 PM - Installed Oblivion - Mehrunes Razor
RP23: 17/10/2009 9:49:47 PM - Installed Oblivion - Orrery
RP24: 17/10/2009 9:50:03 PM - Installed Oblivion - Spell Tomes
RP25: 17/10/2009 9:50:16 PM - Installed Oblivion - Thieves Den
RP26: 17/10/2009 9:50:30 PM - Installed Oblivion - Vile Lair
RP27: 17/10/2009 9:50:47 PM - Installed Oblivion - Wizard's Tower
RP28: 17/10/2009 10:06:30 PM - Installed Oblivion - Shivering Isles
RP29: 17/10/2009 10:47:20 PM - Removed Oblivion
RP30: 18/10/2009 4:03:10 AM - Installed Neverwinter Nights
RP31: 18/10/2009 4:13:20 AM - Installed Neverwinter Nights: Shadows of Undrentide
RP32: 18/10/2009 4:15:03 AM - Installed Neverwinter Nights: Shadows of Undrentide
RP33: 18/10/2009 4:20:00 AM - Installed Neverwinter Nights: Hordes of the Underdark
RP34: 19/10/2009 9:11:33 PM - Removed Trend Micro PC-cillin Internet Security 2007.
RP35: 04/11/2009 7:00:27 AM - Software Distribution Service 3.0
RP36: 11/11/2009 7:07:30 PM - Software Distribution Service 3.0
RP37: 25/11/2009 7:30:11 AM - Software Distribution Service 3.0
RP38: 08/12/2009 7:47:45 AM - Removed Search Settings 1.2.2.
RP39: 08/12/2009 7:50:12 AM - Removed Neverwinter Nights
RP40: 08/12/2009 7:52:29 AM - Removed Nero 8
RP41: 08/12/2009 8:04:21 AM - Move file to quarantine: uxezivanomozo.dll
RP42: 08/12/2009 8:05:28 AM - Move file to quarantine: siszyd32.exe
RP43: 08/12/2009 7:44:56 PM - Software Distribution Service 3.0
RP44: 24/01/2010 6:01:09 AM - Software Distribution Service 3.0
RP45: 25/01/2010 3:57:28 AM - SPTD setup V1.62
RP46: 28/01/2010 7:53:57 AM - Installed Rome - Total War(TM)
RP47: 10/02/2010 6:00:47 AM - Software Distribution Service 3.0
RP48: 24/02/2010 8:54:08 AM - Software Distribution Service 3.0
RP49: 10/03/2010 6:00:53 AM - Software Distribution Service 3.0
RP50: 13/03/2010 7:12:45 AM - Removed AVG Free 8.5
RP51: 17/03/2010 2:15:01 AM - Installed Java(TM) 6 Update 17
RP52: 01/04/2010 4:13:35 AM - Software Distribution Service 3.0
RP53: 01/04/2010 4:18:38 AM - Removed Civilization III: Conquests
RP54: 01/04/2010 4:21:55 AM - Removed Google Earth.
RP55: 01/04/2010 4:36:59 AM - Removed Nero 8
RP56: 01/04/2010 4:39:04 AM - Removed Oblivion - Horse Armor Pack
RP57: 01/04/2010 4:42:37 AM - Removed Oblivion - Knights of the Nine
RP58: 01/04/2010 4:43:38 AM - Removed Oblivion - Mehrunes Razor
RP59: 01/04/2010 4:44:35 AM - Removed Oblivion - Orrery
RP60: 01/04/2010 4:45:43 AM - Removed Oblivion - Spell Tomes
RP61: 01/04/2010 4:46:28 AM - Removed Oblivion - Thieves Den
RP62: 01/04/2010 4:47:42 AM - Removed Oblivion - Vile Lair
RP63: 01/04/2010 4:48:47 AM - Removed Oblivion - Wizard's Tower
RP64: 01/04/2010 4:56:04 AM - Removed Rome - Total War(TM)
RP65: 08/04/2010 3:31:58 PM - Move file to quarantine: arinezonusohomat.dll
RP66: 08/04/2010 3:34:08 PM - Move file to quarantine: yMXqXK
RP67: 11/04/2010 3:48:55 AM - Revo Uninstaller's restore point - Community Expansion Pack version 1.01b
RP68: 11/04/2010 3:52:53 AM - Revo Uninstaller's restore point - Nero 8
RP69: 11/04/2010 3:55:12 AM - Removed Nero 8

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
ĀµTorrent
AutoUpdate
BCM V.92 56K Modem
Cheat Engine 5.6
Chess 2003
Critical Update for Windows Media Player 11 (KB959772)
D4100_Help
Dell ResourceCD
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Google Update Helper
Google Updater
Highlight Viewer (Windows Live Toolbar)
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
hph_readme
hph_software_req
HxD Hex Editor version 1.7.7.0
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Logitech SetPoint
Map Button (Windows Live Toolbar)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Modem Helper
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
neroxml
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
Presto! PageManager 7.15.13
Revo Uninstaller 1.85
Risk II
Rome - Total War
Security Task Manager 1.7h
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Smart Menus (Windows Live Toolbar)
SopCast 3.2.4
Sound Blaster Live!
Stream Torrent 1.0
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WebFldrs XP
WebReg
Windows Desktop Search
Windows Essentials Media Codec Pack 1.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
XML Paper Specification Shared Components Pack 1.0
XP Home Permissions Manager
ZoneTick World Time Zone Clock 5.3.1 (remove only)

==== Event Viewer Messages From Past Week ========

12/04/2010 1:36:54 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
12/04/2010 1:34:49 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/04/2010 1:33:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/04/2010 1:31:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/04/2010 1:31:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OMCI sptd
12/04/2010 1:30:53 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
10/04/2010 7:23:54 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
09/04/2010 7:15:01 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
09/04/2010 7:15:00 PM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
06/04/2010 6:58:37 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
06/04/2010 6:03:34 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
06/04/2010 6:03:34 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


Report •

#8
April 11, 2010 at 23:28:14

02:13:20:578 3616 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
02:13:20:578 3616 ================================================================================
02:13:20:578 3616 SystemInfo:

02:13:20:578 3616 OS Version: 5.1.2600 ServicePack: 3.0
02:13:20:578 3616 Product type: Workstation
02:13:20:578 3616 ComputerName: A
02:13:20:578 3616 UserName: Us We
02:13:20:578 3616 Windows directory: C:\WINDOWS
02:13:20:578 3616 Processor architecture: Intel x86
02:13:20:578 3616 Number of processors: 1
02:13:20:578 3616 Page size: 0x1000
02:13:20:578 3616 Boot type: Normal boot
02:13:20:578 3616 ================================================================================
02:13:20:609 3616 UnloadDriverW: NtUnloadDriver error 2
02:13:20:609 3616 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
02:13:20:640 3616 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
02:13:20:640 3616 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
02:13:20:640 3616 wfopen_ex: Trying to KLMD file open
02:13:20:640 3616 wfopen_ex: File opened ok (Flags 2)
02:13:20:640 3616 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
02:13:20:640 3616 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
02:13:20:640 3616 wfopen_ex: Trying to KLMD file open
02:13:20:640 3616 wfopen_ex: File opened ok (Flags 2)
02:13:20:640 3616 Initialize success
02:13:20:640 3616
02:13:20:640 3616 Scanning Services ...
02:13:20:984 3616 Raw services enum returned 354 services
02:13:20:984 3616
02:13:20:984 3616 Scanning Kernel memory ...
02:13:20:984 3616 Devices to scan: 5
02:13:20:984 3616
02:13:20:984 3616 Driver Name: Disk
02:13:20:984 3616 IRP_MJ_CREATE : F76F5BB0
02:13:20:984 3616 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
02:13:20:984 3616 IRP_MJ_CLOSE : F76F5BB0
02:13:20:984 3616 IRP_MJ_READ : F76EFD1F
02:13:20:984 3616 IRP_MJ_WRITE : F76EFD1F
02:13:20:984 3616 IRP_MJ_QUERY_INFORMATION : 804FA88E
02:13:20:984 3616 IRP_MJ_SET_INFORMATION : 804FA88E
02:13:20:984 3616 IRP_MJ_QUERY_EA : 804FA88E
02:13:20:984 3616 IRP_MJ_SET_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_FLUSH_BUFFERS : F76F02E2
02:13:21:000 3616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_DEVICE_CONTROL : F76F03BB
02:13:21:000 3616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76F3F28
02:13:21:000 3616 IRP_MJ_SHUTDOWN : F76F02E2
02:13:21:000 3616 IRP_MJ_LOCK_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_CLEANUP : 804FA88E
02:13:21:000 3616 IRP_MJ_CREATE_MAILSLOT : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_POWER : F76F1C82
02:13:21:000 3616 IRP_MJ_SYSTEM_CONTROL : F76F699E
02:13:21:000 3616 IRP_MJ_DEVICE_CHANGE : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_QUOTA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_QUOTA : 804FA88E
02:13:21:000 3616 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:13:21:000 3616
02:13:21:000 3616 Driver Name: Disk
02:13:21:000 3616 IRP_MJ_CREATE : F76F5BB0
02:13:21:000 3616 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
02:13:21:000 3616 IRP_MJ_CLOSE : F76F5BB0
02:13:21:000 3616 IRP_MJ_READ : F76EFD1F
02:13:21:000 3616 IRP_MJ_WRITE : F76EFD1F
02:13:21:000 3616 IRP_MJ_QUERY_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_FLUSH_BUFFERS : F76F02E2
02:13:21:000 3616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_DEVICE_CONTROL : F76F03BB
02:13:21:000 3616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76F3F28
02:13:21:000 3616 IRP_MJ_SHUTDOWN : F76F02E2
02:13:21:000 3616 IRP_MJ_LOCK_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_CLEANUP : 804FA88E
02:13:21:000 3616 IRP_MJ_CREATE_MAILSLOT : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_POWER : F76F1C82
02:13:21:000 3616 IRP_MJ_SYSTEM_CONTROL : F76F699E
02:13:21:000 3616 IRP_MJ_DEVICE_CHANGE : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_QUOTA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_QUOTA : 804FA88E
02:13:21:000 3616 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:13:21:000 3616
02:13:21:000 3616 Driver Name: Disk
02:13:21:000 3616 IRP_MJ_CREATE : F76F5BB0
02:13:21:000 3616 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
02:13:21:000 3616 IRP_MJ_CLOSE : F76F5BB0
02:13:21:000 3616 IRP_MJ_READ : F76EFD1F
02:13:21:000 3616 IRP_MJ_WRITE : F76EFD1F
02:13:21:000 3616 IRP_MJ_QUERY_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_FLUSH_BUFFERS : F76F02E2
02:13:21:000 3616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_DEVICE_CONTROL : F76F03BB
02:13:21:000 3616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76F3F28
02:13:21:000 3616 IRP_MJ_SHUTDOWN : F76F02E2
02:13:21:000 3616 IRP_MJ_LOCK_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_CLEANUP : 804FA88E
02:13:21:000 3616 IRP_MJ_CREATE_MAILSLOT : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_POWER : F76F1C82
02:13:21:000 3616 IRP_MJ_SYSTEM_CONTROL : F76F699E
02:13:21:000 3616 IRP_MJ_DEVICE_CHANGE : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_QUOTA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_QUOTA : 804FA88E
02:13:21:000 3616 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:13:21:000 3616
02:13:21:000 3616 Driver Name: atapi
02:13:21:000 3616 IRP_MJ_CREATE : F7516B40
02:13:21:000 3616 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
02:13:21:000 3616 IRP_MJ_CLOSE : F7516B40
02:13:21:000 3616 IRP_MJ_READ : 804FA88E
02:13:21:000 3616 IRP_MJ_WRITE : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_EA : 804FA88E
02:13:21:000 3616 IRP_MJ_FLUSH_BUFFERS : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
02:13:21:000 3616 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_DEVICE_CONTROL : F7516B40
02:13:21:000 3616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7516B40
02:13:21:000 3616 IRP_MJ_SHUTDOWN : 804FA88E
02:13:21:000 3616 IRP_MJ_LOCK_CONTROL : 804FA88E
02:13:21:000 3616 IRP_MJ_CLEANUP : 804FA88E
02:13:21:000 3616 IRP_MJ_CREATE_MAILSLOT : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_SECURITY : 804FA88E
02:13:21:000 3616 IRP_MJ_POWER : F7516B40
02:13:21:000 3616 IRP_MJ_SYSTEM_CONTROL : F7516B40
02:13:21:000 3616 IRP_MJ_DEVICE_CHANGE : 804FA88E
02:13:21:000 3616 IRP_MJ_QUERY_QUOTA : 804FA88E
02:13:21:000 3616 IRP_MJ_SET_QUOTA : 804FA88E
02:13:21:015 3616 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
02:13:21:015 3616
02:13:21:015 3616 Driver Name: atapi
02:13:21:015 3616 IRP_MJ_CREATE : F7516B40
02:13:21:015 3616 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
02:13:21:015 3616 IRP_MJ_CLOSE : F7516B40
02:13:21:015 3616 IRP_MJ_READ : 804FA88E
02:13:21:015 3616 IRP_MJ_WRITE : 804FA88E
02:13:21:015 3616 IRP_MJ_QUERY_INFORMATION : 804FA88E
02:13:21:015 3616 IRP_MJ_SET_INFORMATION : 804FA88E
02:13:21:015 3616 IRP_MJ_QUERY_EA : 804FA88E
02:13:21:015 3616 IRP_MJ_SET_EA : 804FA88E
02:13:21:015 3616 IRP_MJ_FLUSH_BUFFERS : 804FA88E
02:13:21:015 3616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
02:13:21:015 3616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
02:13:21:015 3616 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
02:13:21:015 3616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
02:13:21:015 3616 IRP_MJ_DEVICE_CONTROL : F7516B40
02:13:21:015 3616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7516B40
02:13:21:015 3616 IRP_MJ_SHUTDOWN : 804FA88E
02:13:21:015 3616 IRP_MJ_LOCK_CONTROL : 804FA88E
02:13:21:015 3616 IRP_MJ_CLEANUP : 804FA88E
02:13:21:015 3616 IRP_MJ_CREATE_MAILSLOT : 804FA88E
02:13:21:015 3616 IRP_MJ_QUERY_SECURITY : 804FA88E
02:13:21:015 3616 IRP_MJ_SET_SECURITY : 804FA88E
02:13:21:015 3616 IRP_MJ_POWER : F7516B40
02:13:21:015 3616 IRP_MJ_SYSTEM_CONTROL : F7516B40
02:13:21:015 3616 IRP_MJ_DEVICE_CHANGE : 804FA88E
02:13:21:015 3616 IRP_MJ_QUERY_QUOTA : 804FA88E
02:13:21:015 3616 IRP_MJ_SET_QUOTA : 804FA88E
02:13:21:015 3616 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
02:13:21:015 3616
02:13:21:015 3616 Completed
02:13:21:015 3616
02:13:21:015 3616 Results:
02:13:21:015 3616 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
02:13:21:015 3616 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
02:13:21:015 3616 File objects infected / cured / cured on reboot: 0 / 0 / 0
02:13:21:015 3616
02:13:21:015 3616 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
02:13:21:015 3616 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
02:13:21:031 3616 KLMD(ARK) unloaded successfully


Report •

#9
April 12, 2010 at 03:53:46

The flies/folders you have quarantined are baddies but are in system restore...most of them cannot removes themselves from this protected area of the computer although some have been known to.

I don't see an antivirus program running, you need to install one.

You can download the free version of AVG antivirus at this link:
AVG Free Antivirus

Update it once you get it installed.

Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 19.

Go t oadd/remove programs and uninstall utorrent (known to harbor spyware) and all older versions before version 6 update 19.

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.

Under the Custom Scans/Fixes box at the bottom, paste in text between the X's
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[resethosts]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Please download Combofix with internet explorer instead of any other browser if possible.

Remember..your Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#10
April 12, 2010 at 11:39:19

Thanks for the input on those quarantined files. I thought they looked fishy. Ill just let them rott in there for now.
Yes, I currently dont have any antivirus because I had actually just uninstalled avg after weeks of frustration with it. I will give it another try though (Ive heard avast is slightly better than avg. any idea? or are they basically the exact same?)
One more quick question. Any recommendations for a BitTorrent client?
I Appreciate all your help so far. You guys are awesome.


I have updated java to version 6 update 18. It seems as though it is not allowing me to update to 19. Through control panel>java>update tab, it claims I have the most up to date version. On java.com, it recognizes that I only have update 18, but when i click to download update 19, it claims I already have the software installed.
OTL and ComboFix logs follow...


========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.1 log created on 04122010_134557


Report •

#11
April 12, 2010 at 11:40:38

ComboFix 10-04-12.01 - Us We 12/04/2010 14:19:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.734 [GMT -4:00]
Running from: c:\documents and settings\Us We\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Us We\Application Data\avdrn.dat
c:\documents and settings\Us We\Application Data\inst.exe
c:\program files\\setup.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Setup.exe
c:\windows\scad87.dll
c:\windows\system32\av_md.exe
c:\windows\system32\config\systemprofile\av_md.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-12 17:45 . 2010-04-12 17:45 -------- d-----w- C:\_OTL
2010-04-12 17:38 . 2010-04-12 17:38 503808 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcp71.dll
2010-04-12 17:38 . 2010-04-12 17:38 499712 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\jmc.dll
2010-04-12 17:38 . 2010-04-12 17:38 348160 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcr71.dll
2010-04-12 17:38 . 2010-04-12 17:38 61440 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-sse.dll
2010-04-12 17:38 . 2010-04-12 17:38 12800 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-d3d.dll
2010-04-11 07:46 . 2010-04-11 07:46 -------- d-----w- c:\program files\VS Revo Group
2010-04-08 19:30 . 2010-04-08 19:30 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120671FF.dll
2010-04-08 19:30 . 2010-04-08 19:30 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98.dll
2010-04-01 05:08 . 2010-04-01 05:08 -------- d-----w- c:\documents and settings\Us We\Application Data\runic games
2010-04-01 05:02 . 2010-04-01 05:02 -------- d-----w- c:\program files\Runic Games
2010-03-27 02:59 . 2010-04-10 03:34 20992 ----a-w- c:\windows\bw-uninstall.exe
2010-03-17 06:16 . 2010-04-12 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-17 06:13 . 2010-03-17 06:13 152576 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-17 06:13 . 2010-03-17 06:13 79488 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 18:25 . 2010-02-04 15:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-12 17:37 . 2007-06-20 12:50 -------- d-----w- c:\program files\Java
2010-04-12 05:33 . 2010-04-12 05:33 5359 ----a-w- c:\program files\hijackthis.log
2010-04-11 07:58 . 2009-09-06 02:44 -------- d-----w- c:\program files\Nero
2010-04-11 07:58 . 2009-09-06 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-11 07:58 . 2009-09-06 00:33 -------- d-----w- c:\documents and settings\Us We\Application Data\Nero
2010-04-10 22:58 . 2009-08-11 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-09 06:07 . 2009-12-07 09:03 0 ----a-w- c:\windows\Djogev.bin
2010-04-09 06:07 . 2009-12-07 09:03 120 ----a-w- c:\windows\Lxelujikap.dat
2010-04-01 08:54 . 2010-02-07 05:55 -------- d-----w- c:\program files\Red Kings Poker
2010-04-01 08:50 . 2010-01-10 07:24 -------- d-----w- c:\program files\PartyGaming
2010-04-01 08:48 . 2007-05-17 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 08:33 . 2009-08-29 22:20 -------- d-----w- c:\program files\NDSROM Player
2010-04-01 08:22 . 2007-06-20 20:01 -------- d-----w- c:\program files\Google
2010-04-01 08:20 . 2010-01-23 04:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-20 00:45 . 2010-02-07 11:42 25 ----a-w- c:\windows\popcinfot.dat
2010-03-11 12:38 . 2006-06-23 15:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 11:07 . 2009-04-29 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 02:44 . 2010-03-10 02:44 -------- d-----w- c:\program files\Big City Games
2010-02-18 16:38 . 2010-02-18 16:38 24 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B6BB246AD1AC2414D84D13C8F3D38C43.dll
2010-02-18 16:38 . 2010-02-18 16:38 233 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_16CB480C735EED116861000565084666.dll
2010-02-17 06:07 . 2009-08-19 18:18 245 ----a-w- c:\windows\PowerReg.dat
2010-02-14 06:37 . 2010-02-14 03:55 -------- d-----w- c:\program files\RockbetCasino
2010-01-25 08:57 . 2009-04-24 06:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-24 12:53 . 2009-12-24 12:51 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-08-11 07:15 . 2009-07-27 14:08 610636 ----a-w- c:\program files\HOSTS
2009-08-11 07:15 . 2009-07-19 03:58 1384 ----a-w- c:\program files\PrivacyPolicy.txt
2009-08-11 07:15 . 2009-07-19 03:56 6293 ----a-w- c:\program files\readme.txt
2009-08-11 07:15 . 2008-12-24 09:07 1615 ----a-w- c:\program files\mvps.bat
2009-08-11 07:15 . 2007-09-06 05:12 794 ----a-w- c:\program files\License.txt
2005-02-16 16:06 . 2010-02-18 16:42 218112 ----a-w- c:\program files\HijackThis.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-20_18.46.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-09-06 02:35 . 2009-09-06 02:35 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2010-04-12 18:28 . 2010-04-12 18:28 16384 c:\windows\temp\Perflib_Perfdata_714.dat
+ 2007-05-18 19:28 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll
+ 2007-05-18 19:28 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2007-05-17 17:18 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2009-09-09 23:38 . 2001-08-18 02:36 53760 c:\windows\system32\sw_wheel.dll
+ 2009-09-09 23:38 . 2001-08-18 02:36 41472 c:\windows\system32\sw_effct.dll
+ 2004-08-04 07:56 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2004-08-04 07:56 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2009-09-06 02:00 . 2003-01-26 16:41 40960 c:\windows\system32\SSubTmr6.dll
+ 2009-09-10 20:51 . 2008-03-21 17:57 14640 c:\windows\system32\spmsgXP_2k3.dll
+ 2007-06-10 17:20 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2007-06-10 17:20 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-10-27 04:06 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-27 04:06 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-07-26 20:44 . 2009-07-26 20:44 48448 c:\windows\system32\sirenacm.dll
+ 2003-07-16 20:42 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2003-07-16 20:42 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
- 2003-07-16 20:41 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2003-07-16 20:41 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
+ 2003-07-16 20:41 . 2010-03-17 16:31 71122 c:\windows\system32\perfc009.dat
+ 2007-09-20 13:55 . 2007-09-20 13:55 95600 c:\windows\system32\NeroCo.dll
+ 2007-05-17 20:37 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2009-09-06 02:00 . 2003-04-18 19:29 44544 c:\windows\system32\msxml4a.dll
+ 2003-07-16 20:36 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
- 2003-07-16 20:36 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
+ 2003-07-16 20:36 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2007-08-13 23:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2003-07-16 20:35 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2003-07-16 20:31 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2003-07-16 20:31 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2009-09-06 02:00 . 1998-07-13 02:00 15360 c:\windows\system32\inetfr.DLL
- 2006-11-07 07:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 07:26 . 2010-03-10 13:18 13824 c:\windows\system32\ieudinit.exe
+ 2003-07-16 20:30 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
- 2003-07-16 20:30 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2003-07-16 20:30 . 2010-03-10 13:18 70656 c:\windows\system32\ie4uinit.exe
- 2003-07-16 20:30 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 23:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 07:56 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2003-07-16 20:28 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2003-07-16 20:28 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2009-10-09 19:32 . 2009-08-06 02:48 54752 c:\windows\system32\DRVSTORE\fssfltr_F64381C38F211E3160A660B196A6A585F80604F9\fssfltr_tdi.sys
+ 2009-04-08 18:29 . 2009-04-08 18:29 56448 c:\windows\system32\drivers\xusb21.sys
+ 2008-03-27 20:27 . 2008-03-27 20:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2009-09-06 01:55 . 2009-09-06 01:55 47360 c:\windows\system32\drivers\pcouffin.sys
+ 2008-07-20 17:41 . 2009-02-09 13:10 32768 c:\windows\system32\drivers\ndisoko.sys
+ 2009-09-09 23:38 . 2001-08-17 18:02 35200 c:\windows\system32\drivers\msgame.sys
+ 2007-09-24 13:05 . 2007-09-24 13:05 11304 c:\windows\system32\drivers\imagedrv.sys
+ 2009-05-11 17:53 . 2009-08-06 02:48 54752 c:\windows\system32\drivers\fssfltr_tdi.sys
- 2003-07-16 20:24 . 2008-04-13 18:40 96512 c:\windows\system32\drivers\atapi.sys
+ 2003-07-16 20:24 . 2009-12-09 01:42 96512 c:\windows\system32\drivers\atapi.sys
+ 2007-05-18 19:28 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-05-17 17:18 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-09-09 23:38 . 2001-08-18 02:36 53760 c:\windows\system32\dllcache\sw_wheel.dll
+ 2009-09-09 23:38 . 2001-08-18 02:36 41472 c:\windows\system32\dllcache\sw_effct.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2003-07-16 20:36 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-09-09 23:38 . 2001-08-17 18:02 35200 c:\windows\system32\dllcache\msgame.sys
+ 2007-04-25 08:41 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-04-25 08:41 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2007-04-24 14:26 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-04-24 14:26 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 23:39 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 23:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-20 18:09 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 18:09 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 23:39 . 2010-03-10 13:18 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 23:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 16:12 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
+ 2003-07-16 20:25 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-08-11 03:55 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-11 03:55 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-08-11 03:55 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-08-11 03:55 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-08-20 18:46 . 2008-04-14 00:12 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-08-20 18:46 . 2008-04-14 00:12 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-08-20 18:46 . 2006-10-19 01:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
+ 2009-08-11 03:55 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-08-11 03:55 . 2008-04-14 00:11 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-08-11 03:55 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-08-11 03:55 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-08-20 18:46 . 2008-04-14 00:11 56320 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-20 18:46 . 2008-04-14 00:11 62464 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2009-08-20 18:46 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\cache\browser.dll
+ 2009-08-11 03:55 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-08-11 03:55 . 2003-07-16 20:23 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2003-07-16 20:24 . 2009-12-09 01:42 96512 c:\windows\system32\dllcache\atapi.sys


Report •

#12
April 12, 2010 at 11:42:48

+ 2003-07-16 20:26 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2009-12-07 08:59 . 2010-03-17 16:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-05-17 17:34 . 2009-08-20 18:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-05-17 17:34 . 2010-03-17 16:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-17 17:34 . 2009-08-20 18:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-05-17 17:34 . 2010-03-17 16:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-06 02:00 . 1998-07-12 22:00 32768 c:\windows\system32\CMDLGFR.DLL
+ 2003-07-16 20:25 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll
- 2003-07-16 20:24 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2003-07-16 20:24 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-10-09 19:28 . 2009-10-09 19:28 22016 c:\windows\Installer\f6d01bd.msi
+ 2009-10-09 19:26 . 2009-10-09 19:26 27136 c:\windows\Installer\f6d0186.msi
+ 2010-03-18 02:36 . 2010-03-18 02:36 22528 c:\windows\Installer\22ec399.msi
+ 2009-11-25 12:30 . 2009-11-25 12:30 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-01-25 01:24 . 2010-01-25 01:24 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-09-06 02:46 . 2009-09-06 02:46 25214 c:\windows\Installer\{B944FA21-81AF-4A77-8328-CE4F4CC51033}\ARPPRODUCTICON.exe
+ 2009-10-09 19:27 . 2009-10-09 19:27 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2009-10-09 19:37 . 2009-10-09 19:37 29316 c:\windows\Installer\{95120000-0122-0409-0000-0000000FF1CE}\olc_setup.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-09 06:57 . 2009-12-09 06:57 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-10-09 19:29 . 2009-10-09 19:29 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2010-02-19 22:56 . 2010-02-19 22:56 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-09-05 03:24 . 2009-09-05 03:24 23230 c:\windows\Installer\{0E96D2C3-5309-4087-AA66-7EF32DBBA704}\_6FEFF9B68218417F98F549.exe
+ 2009-04-02 18:23 . 2009-04-02 18:23 10104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\XLCALL32.DLL
+ 2009-04-03 22:01 . 2009-04-03 22:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-03 21:57 . 2009-04-03 21:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WRD12EXE.EXE
+ 2006-07-24 14:50 . 2006-07-24 14:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 54088 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\SCANOST.EXE
+ 2009-03-04 21:24 . 2009-03-04 21:24 75608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RM.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 38240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RECALL.DLL
+ 2009-01-07 01:31 . 2009-01-07 01:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PUBTRAP.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 52072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLVBA.DLL
+ 2008-11-25 02:32 . 2008-11-25 02:32 46928 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLRPC.DLL
+ 2006-07-24 14:50 . 2006-07-24 14:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2008-10-31 01:24 . 2008-10-31 01:24 21368 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MLSHEXT.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 34192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\DUMPSTER.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 87392 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\DLGSETP.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2009-04-29 03:51 . 2009-04-29 03:51 12096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-04-29 03:50 . 2009-04-29 03:50 12080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 64288 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 23:49 . 2006-10-26 23:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 00:09 . 2006-10-27 00:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2009-04-29 03:51 . 2009-04-29 03:51 12112 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 19:11 . 2006-10-27 19:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 11544 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 12104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 20280 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 19:26 . 2006-10-27 19:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 19:01 . 2006-10-27 19:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-27 01:18 . 2006-10-27 01:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 12096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2009-04-29 03:49 . 2009-04-29 03:49 12096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-27 01:30 . 2006-10-27 01:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2010-04-01 08:14 . 2010-01-05 10:00 44544 c:\windows\ie7updates\KB980182-IE7\pngfilt.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 52224 c:\windows\ie7updates\KB980182-IE7\msfeedsbs.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 27648 c:\windows\ie7updates\KB980182-IE7\jsproxy.dll
+ 2010-04-01 08:14 . 2009-12-31 15:33 13824 c:\windows\ie7updates\KB980182-IE7\ieudinit.exe
+ 2010-04-01 08:14 . 2010-01-05 10:00 44544 c:\windows\ie7updates\KB980182-IE7\iernonce.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 78336 c:\windows\ie7updates\KB980182-IE7\ieencode.dll
+ 2010-04-01 08:14 . 2009-12-31 15:33 70656 c:\windows\ie7updates\KB980182-IE7\ie4uinit.exe
+ 2010-04-01 08:14 . 2010-01-05 10:00 63488 c:\windows\ie7updates\KB980182-IE7\icardie.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 17408 c:\windows\ie7updates\KB980182-IE7\corpol.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-24 11:02 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-24 11:02 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-24 11:02 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-24 11:02 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-09 00:50 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-09 00:50 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-09 00:50 . 2009-08-28 10:28 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-09 00:50 . 2009-08-29 07:36 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-14 10:07 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-14 10:07 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-14 10:07 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-14 10:07 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0b8c626b\System.Drawing.Design.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_66821fa1\CustomMarshalers.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\a31f5136a236dae58c03db56ea2a1a7a\WindowsLiveWriter.ni.exe
+ 2009-10-14 10:22 . 2009-10-14 10:22 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0cce8134aebab15d6c31143f850af1a7\WindowsLive.Writer.Api.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-14 10:18 . 2009-10-14 10:18 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-14 10:17 . 2009-10-14 10:17 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-14 10:18 . 2009-10-14 10:18 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-10-10 10:08 . 2009-10-10 10:08 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2009-10-10 10:09 . 2009-10-10 10:09 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2009-10-10 10:08 . 2009-10-10 10:08 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-02-24 13:54 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 13:54 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-10 11:05 . 2008-04-14 00:11 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-02-10 11:03 . 2003-07-16 20:36 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-02-10 11:03 . 2008-04-14 00:12 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-02-10 11:03 . 2008-04-14 00:11 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-02-10 11:03 . 2009-06-10 14:13 84992 c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2009-11-25 12:33 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 12:33 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2010-02-10 11:05 . 2008-04-14 00:12 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2009-10-14 10:07 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-12-09 00:51 . 2008-04-14 00:12 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-24 11:05 . 2009-06-16 14:36 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-08-27 10:00 . 2008-10-23 10:06 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-08-27 10:00 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-12-09 00:52 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 00:52 . 2008-04-14 00:11 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978706\spmsg.dll
+ 2010-02-10 11:09 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll
+ 2010-02-10 11:09 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978262\spmsg.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978251\spmsg.dll
+ 2010-01-24 11:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978207-IE7\update\spcustom.dll
+ 2010-01-24 11:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978207-IE7\spmsg.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\pngfilt.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 52224 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeedsbs.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 27648 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\jsproxy.dll
+ 2010-01-01 06:55 . 2010-01-01 06:55 13824 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieudinit.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iernonce.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 78336 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieencode.dll
+ 2010-01-01 06:55 . 2010-01-01 06:55 70656 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ie4uinit.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 63488 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\icardie.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 17408 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\corpol.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-02-10 11:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-02-10 11:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977165\update\spcustom.dll

Report •

#13
April 12, 2010 at 11:43:22

+ 2010-02-10 11:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977165\spmsg.dll
+ 2009-11-04 11:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976749-IE7\update\spcustom.dll
+ 2009-11-04 11:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976749-IE7\spmsg.dll
+ 2009-12-09 00:50 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE7\update\spcustom.dll
+ 2009-12-09 00:50 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE7\spmsg.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\pngfilt.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 52224 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeedsbs.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 27648 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\jsproxy.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 13824 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieudinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iernonce.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 78336 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieencode.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 70656 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ie4uinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 63488 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\icardie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 17408 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\corpol.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-03-10 11:06 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-03-10 11:06 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2009-10-14 10:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2009-10-14 10:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974455-IE7\update\spcustom.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974455-IE7\spmsg.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\pngfilt.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 52224 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeedsbs.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 27648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\jsproxy.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 13824 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieudinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iernonce.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 78336 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieencode.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 70656 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ie4uinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 63488 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\icardie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 17408 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\corpol.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2009-11-25 12:33 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 12:33 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2010-01-24 11:05 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-01-24 11:05 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-01-23 15:32 . 2009-10-15 16:39 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2009-09-09 10:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-09 10:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2009-12-09 00:49 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-09 00:49 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2010-02-10 11:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll
+ 2010-02-10 11:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971468\spmsg.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2009-11-12 00:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-12 00:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2009-10-14 10:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-10-14 10:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2009-09-09 10:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-09 10:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2010-01-24 11:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-24 11:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-09-09 23:38 . 2001-08-17 18:02 8576 c:\windows\system32\drivers\hidgame.sys
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-09-09 23:38 . 2001-08-17 18:02 8576 c:\windows\system32\dllcache\hidgame.sys
+ 2009-08-11 03:55 . 2008-04-14 00:12 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-08-11 03:55 . 2003-07-16 20:40 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-08-11 03:55 . 2003-07-16 20:24 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-09 07:13 . 2009-08-09 07:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-09 07:12 . 2009-08-09 07:12 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-02-10 11:03 . 2003-07-16 20:27 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2009-07-10 16:15 . 2009-07-10 16:15 306544 c:\windows\WLXPGSS.SCR
- 2009-08-09 07:12 . 2009-08-09 07:12 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-09-20 13:59 . 2007-09-20 13:59 972072 c:\windows\UNRecode.exe
+ 2007-03-22 01:02 . 2007-03-22 01:02 972336 c:\windows\UNNeroVision.exe
+ 2007-02-28 20:41 . 2007-02-28 20:41 972336 c:\windows\UNNeroShowTime.exe
+ 2007-09-20 13:55 . 2007-09-20 13:55 972072 c:\windows\UNNeroMediaHome.exe
+ 2007-03-21 01:22 . 2007-03-21 01:22 972336 c:\windows\UNNeroBackItUp.exe
+ 2005-05-26 08:19 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll
+ 2007-05-18 19:28 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll
+ 2007-05-18 19:28 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll
+ 2007-05-17 19:01 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2009-09-06 02:00 . 2005-02-24 16:51 348160 c:\windows\system32\WMAFile.dll
+ 2007-05-18 19:30 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2003-07-16 20:51 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
- 2003-07-16 20:51 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2009-09-06 02:00 . 2000-10-01 22:00 119568 c:\windows\system32\VB6FR.DLL
+ 2003-07-16 20:49 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
- 2003-07-16 20:49 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2006-03-17 19:49 . 2006-03-17 19:49 368640 c:\windows\system32\TwnLib4.dll
+ 2003-07-16 20:47 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2003-07-16 20:47 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2003-07-16 20:46 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2003-07-16 20:46 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
- 2005-08-31 22:49 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2005-08-31 22:49 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2003-07-16 20:42 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2003-07-16 20:41 . 2010-03-17 16:31 440038 c:\windows\system32\perfh009.dat
- 2003-07-16 20:40 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2003-07-16 20:40 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
+ 2006-05-14 09:13 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2006-05-14 09:13 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2005-05-26 08:19 . 2009-08-06 23:23 215920 c:\windows\system32\muweb.dll
+ 2007-05-19 22:46 . 2009-08-06 23:23 274288 c:\windows\system32\mucltui.dll
- 2003-07-16 20:36 . 2009-06-25 08:25 136192 c:\windows\system32\msv1_0.dll
+ 2003-07-16 20:36 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
+ 2003-07-16 20:36 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
- 2003-07-16 20:36 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2003-07-16 20:36 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
- 2003-07-16 20:36 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2007-05-17 17:18 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2007-05-17 17:18 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
- 2003-07-16 20:35 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2003-07-16 20:35 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
+ 2009-09-06 02:00 . 1998-07-13 02:00 141312 c:\windows\system32\MSCMCFR.DLL
- 2006-05-18 05:58 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2006-05-18 05:58 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2010-04-12 17:38 . 2010-04-12 17:38 153376 c:\windows\system32\javaws.exe
+ 2010-04-12 17:38 . 2010-04-12 17:38 145184 c:\windows\system32\javaw.exe
+ 2010-04-12 17:38 . 2010-04-12 17:37 145184 c:\windows\system32\java.exe
+ 2006-03-17 16:45 . 2006-03-17 16:45 802816 c:\windows\system32\imagXRA7.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 258048 c:\windows\system32\imagXR7.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 497296 c:\windows\system32\imagXpr7.dll
- 2007-08-13 23:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 23:34 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
+ 2006-02-24 19:24 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
- 2003-07-16 20:30 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2003-07-16 20:30 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 17:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2003-07-16 20:30 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2003-07-16 20:30 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
+ 2003-07-16 20:30 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
- 2003-07-16 20:30 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2003-07-16 20:30 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
- 2003-07-16 20:30 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
- 2007-05-17 13:03 . 2009-08-09 07:24 261432 c:\windows\system32\FNTCACHE.DAT
+ 2007-05-17 13:03 . 2009-11-12 01:13 261432 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:56 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2006-06-09 18:35 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2006-06-09 18:35 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
+ 2006-06-09 18:35 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
- 2006-06-09 18:35 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2008-03-27 20:27 . 2008-03-27 20:27 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2003-07-16 20:46 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2003-07-16 20:34 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2007-09-24 13:05 . 2007-09-24 13:05 132904 c:\windows\system32\drivers\imagesrv.sys
+ 2004-08-04 06:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2007-11-18 19:02 . 2009-10-15 19:18 323530 c:\windows\system32\drivers\etc\tmvsthfud.bin
+ 2007-11-14 00:58 . 2009-10-15 19:01 323530 c:\windows\system32\drivers\etc\tmvsthfss.bin
+ 2005-05-26 08:19 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-05-18 19:28 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-05-18 19:28 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-02 03:02 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2007-08-13 23:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 23:54 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 23:44 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 23:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2009-09-09 00:04 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
- 2006-08-21 13:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 13:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-27 22:59 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2007-08-13 23:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:44 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
- 2007-05-18 21:55 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-04-25 08:41 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-04-25 08:41 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-14 23:37 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 16:04 . 2010-02-23 05:20 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-04-25 08:41 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-04-25 08:41 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:39 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-04-25 08:41 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-04-25 08:41 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-07-16 20:30 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2003-07-16 20:30 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 23:39 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 23:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 23:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2007-05-18 21:55 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-05-18 21:55 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-08-20 18:46 . 2008-04-14 00:12 129024 c:\windows\system32\dllcache\cache\xmlprov.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-08-11 03:55 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-08-20 18:46 . 2008-04-14 00:12 185856 c:\windows\system32\dllcache\cache\upnphost.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-08-11 03:55 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-08-20 18:46 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\cache\tapisrv.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-08-20 18:46 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\cache\shsvcs.dll
+ 2009-08-11 03:55 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-08-20 18:46 . 2008-04-14 00:12 192512 c:\windows\system32\dllcache\cache\schedsvc.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 181248 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-08-11 03:55 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 409088 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-08-11 03:55 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-08-20 18:46 . 2008-04-14 00:12 198144 c:\windows\system32\dllcache\cache\netman.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-08-11 03:55 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-08-20 18:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\cache\mswsock.dll
+ 2009-08-11 03:55 . 2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-08-11 03:55 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-08-11 03:55 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-08-20 18:46 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\cache\es.dll
+ 2009-08-11 03:55 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-08-11 03:55 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-08-11 03:55 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\cache\aec.sys
+ 2007-08-13 23:39 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 23:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-01-23 15:32 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2010-02-04 15:53 . 2009-11-03 18:07 679936 c:\windows\system32\D3DX81ab.dll
+ 2008-07-20 17:41 . 2009-02-09 13:10 124928 c:\windows\system32\certoko.dll
+ 2003-07-16 20:23 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll
- 2003-07-16 20:23 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-10-18 01:17 . 2005-07-22 21:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2003-07-16 20:49 . 2008-04-14 00:12 164352 c:\windows\isegodobuvogepu.dll

Report •

#14
April 12, 2010 at 11:43:56

+ 2009-10-09 19:37 . 2009-10-09 19:37 517120 c:\windows\Installer\f6d0296.msi
+ 2009-10-09 19:32 . 2009-10-09 19:32 969728 c:\windows\Installer\f6d027e.msi
+ 2009-10-09 19:31 . 2009-10-09 19:31 569344 c:\windows\Installer\f6d026b.msi
+ 2009-10-09 19:30 . 2009-10-09 19:30 778752 c:\windows\Installer\f6d0237.msi
+ 2009-10-09 19:30 . 2009-10-09 19:30 463872 c:\windows\Installer\f6d01f9.msi
+ 2009-10-09 19:29 . 2009-10-09 19:29 735744 c:\windows\Installer\f6d01e7.msi
+ 2009-10-09 19:27 . 2009-10-09 19:27 430080 c:\windows\Installer\f6d01b4.msi
+ 2009-10-09 19:27 . 2009-10-09 19:27 155648 c:\windows\Installer\f6d0195.msi
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\aee5803.msp
+ 2009-09-27 04:36 . 2009-09-27 04:36 412160 c:\windows\Installer\a195b56.msi
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\8344d27.msp
+ 2009-09-06 02:43 . 2009-09-06 02:43 269312 c:\windows\Installer\58691.msi
+ 2009-11-25 12:30 . 2009-11-25 12:30 429568 c:\windows\Installer\524268a.msi
+ 2010-04-01 05:02 . 2010-04-01 05:02 219648 c:\windows\Installer\4accf69a.msi
+ 2009-09-06 02:36 . 2009-09-06 02:36 100352 c:\windows\Installer\32dbca.msi
+ 2010-04-12 17:37 . 2010-04-12 17:37 576000 c:\windows\Installer\27a17b1.msi
+ 2010-04-12 17:34 . 2010-04-12 17:34 178176 c:\windows\Installer\27a1540.msi
+ 2009-09-05 03:17 . 2009-09-05 03:17 126464 c:\windows\Installer\14370f.msi
+ 2009-10-09 19:31 . 2009-10-09 19:31 132096 c:\windows\Installer\{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}\WLXPhotoGalleryIcon.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-29 03:45 . 2009-04-29 03:45 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-10-09 20:47 . 2009-10-09 20:47 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-04-03 22:11 . 2009-04-03 22:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2009-03-04 21:24 . 2009-03-04 21:24 282032 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\SCNPST64.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 273320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\SCNPST32.DLL
+ 2009-03-06 06:06 . 2009-03-06 06:06 407904 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RTFHTML.DLL
+ 2009-03-06 07:41 . 2009-03-06 07:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 14:59 . 2009-01-08 14:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 420696 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PSTPRX32.DLL
+ 2008-10-25 10:21 . 2008-10-25 10:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2009-10-10 10:09 . 2009-10-10 10:09 350064 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 22:04 . 2009-04-03 22:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-11-21 04:49 . 2008-11-21 04:49 169360 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLPH.DLL
+ 2009-03-06 06:05 . 2009-03-06 06:05 593288 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLMIME.DLL
+ 2008-10-31 01:24 . 2008-10-31 01:24 137552 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLCTL.DLL
+ 2009-03-06 08:55 . 2009-03-06 08:55 194448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OMSXP32.DLL
+ 2009-03-06 08:55 . 2009-03-06 08:55 661888 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OMSMAIN.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 253808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL
+ 2000-05-24 02:45 . 2000-05-24 02:45 118784 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2008-11-04 04:04 . 2008-11-04 04:04 498072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 340304 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MIMEDIR.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 138072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\IMPMAIL.DLL
+ 2008-11-21 04:48 . 2008-11-21 04:48 155016 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\ENVELOPE.DLL
+ 2008-11-21 04:48 . 2008-11-21 04:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 06:05 . 2009-03-06 06:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\CONTAB32.DLL
+ 2006-10-27 00:49 . 2006-10-27 00:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 781104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-07-28 19:21 . 2006-07-28 19:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 00:13 . 2006-10-27 00:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 19:16 . 2006-10-27 19:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 01:07 . 2006-10-27 01:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 01:30 . 2006-10-27 01:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-07-26 22:53 . 2006-07-26 22:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 12:37 . 2006-10-20 12:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 416544 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:56 . 2006-10-26 17:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 23:50 . 2006-10-26 23:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 18:47 . 2006-10-26 18:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 18:59 . 2006-10-27 18:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 150320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 19:09 . 2006-10-27 19:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 00:12 . 2006-10-27 00:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 19:41 . 2006-10-27 19:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 23:49 . 2006-10-26 23:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2010-04-01 08:14 . 2010-01-05 10:00 832512 c:\windows\ie7updates\KB980182-IE7\wininet.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 233472 c:\windows\ie7updates\KB980182-IE7\webcheck.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 105984 c:\windows\ie7updates\KB980182-IE7\url.dll
+ 2010-04-01 08:14 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll
+ 2010-04-01 08:14 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe
+ 2010-04-01 08:14 . 2010-01-05 10:00 102912 c:\windows\ie7updates\KB980182-IE7\occache.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 671232 c:\windows\ie7updates\KB980182-IE7\mstime.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 193024 c:\windows\ie7updates\KB980182-IE7\msrating.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 477696 c:\windows\ie7updates\KB980182-IE7\mshtmled.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 459264 c:\windows\ie7updates\KB980182-IE7\msfeeds.dll
+ 2010-04-01 08:14 . 2009-12-18 13:05 634648 c:\windows\ie7updates\KB980182-IE7\iexplore.exe
+ 2010-04-01 08:14 . 2010-01-05 10:00 268288 c:\windows\ie7updates\KB980182-IE7\iertutil.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 192512 c:\windows\ie7updates\KB980182-IE7\iepeers.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 385024 c:\windows\ie7updates\KB980182-IE7\iedkcs32.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 380928 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dll
+ 2010-04-01 08:14 . 2009-12-18 13:04 161792 c:\windows\ie7updates\KB980182-IE7\ieakui.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 230400 c:\windows\ie7updates\KB980182-IE7\ieaksie.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 153088 c:\windows\ie7updates\KB980182-IE7\ieakeng.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 214528 c:\windows\ie7updates\KB980182-IE7\dxtrans.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 347136 c:\windows\ie7updates\KB980182-IE7\dxtmsft.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 124928 c:\windows\ie7updates\KB980182-IE7\advpack.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-24 11:02 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-24 11:02 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-24 11:02 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-24 11:02 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-24 11:02 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-24 11:02 . 2007-08-13 23:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-24 11:02 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2009-11-04 11:01 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-04 11:01 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-12-09 00:50 . 2009-08-29 07:36 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-09 00:50 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-09 00:50 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-09 00:50 . 2009-08-29 07:36 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-09 00:50 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-09 00:50 . 2009-08-29 07:36 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-09 00:50 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll

Report •

#15
April 12, 2010 at 11:44:27

+ 2009-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-14 10:07 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-14 10:07 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-14 10:07 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-14 10:07 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2008-12-14 23:37 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-10-14 10:05 . 2009-10-14 10:05 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9915fc2a\System.Drawing.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_75b4e4bc\System.Drawing.Design.dll
+ 2009-10-14 10:05 . 2009-10-14 10:06 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_51e9d782\CustomMarshalers.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-14 10:22 . 2009-10-14 10:22 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\9d1a36d51bb6a24f943e73c0011e342a\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\feb5009ee6406995983c67d61254b713\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef0daf9b5b7002d4d3493671db79fec5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ea3b7fc0ae639a2cd268d9a0aab47d15\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd20f981722448ea96d2c0995eeaf9b7\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac50120d9dfafb4868aa4531456cf2e7\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9603a068ba2de2c7ec244454e8ad0763\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b674da2d622aec8a9c150e4f7437c4f\WindowsLive.Writer.Controls.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7ca3eb94ab1ae6867d35382ecf407260\WindowsLive.Writer.Passport.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7c494448c732a975d727098bad24f42b\WindowsLive.Writer.Localization.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\75a1c524a87004611e911be710454234\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\63d852a9374556240906cbd19946f7b0\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\627621628abc220fd9c02f442178e41c\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\60e6ca35b86ce10970a63fa5ea8b1d9c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\551d4211cde9574615ad847741667699\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\311874611f12ea8440bc760c3203cbd3\WindowsLive.Writer.Interop.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\f5d7a7417ffcd9af285e64946ba48f74\WindowsLive.Client.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-14 10:18 . 2009-10-14 10:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad38ebb07c0d5b5bbf15f8f3c11c6be\System.Messaging.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-14 10:16 . 2009-10-14 10:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\3677b81a93d21c46cbac72c051f8c986\sysglobl.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-14 10:22 . 2009-10-14 10:22 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-14 10:20 . 2009-10-14 10:20 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-14 10:22 . 2009-10-14 10:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-14 10:22 . 2009-10-14 10:22 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-10-10 10:08 . 2009-10-10 10:08 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-10-11 10:03 . 2009-10-11 10:03 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-10-10 10:07 . 2009-10-10 10:07 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-02 09:03 . 2007-12-02 09:03 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-10-18 01:17 . 2009-10-18 01:17 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2003-07-16 20:23 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2009-09-10 20:51 . 2008-03-21 17:57 379184 c:\windows\$NtUninstallWdf01007$\spuninst\updspapi.dll
+ 2009-09-10 20:51 . 2008-03-21 17:57 221488 c:\windows\$NtUninstallWdf01007$\spuninst\spuninst.exe
+ 2010-02-24 13:54 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 13:54 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-10 11:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
+ 2010-02-10 11:02 . 2008-04-14 00:12 343040 c:\windows\$NtUninstallKB978706$\mspaint.exe
+ 2010-02-10 11:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-02-10 11:09 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
+ 2010-02-10 11:05 . 2008-10-24 11:21 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-02-10 11:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-02-10 11:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-02-10 11:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
+ 2009-11-25 12:33 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 12:33 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-02-10 11:05 . 2008-04-14 00:12 474112 c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-03-10 11:06 . 2009-05-26 22:10 382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-03-10 11:06 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2009-10-14 10:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-10-14 10:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-10-14 10:01 . 2009-06-25 08:25 136192 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-12-09 00:49 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 00:49 . 2008-04-14 00:12 270336 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 00:51 . 2008-04-14 00:12 150016 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-10-14 10:08 . 2008-10-03 10:02 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-12-09 00:51 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-11-25 12:33 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 12:33 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-10-14 10:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2010-01-24 11:05 . 2009-06-16 14:36 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-24 11:05 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-24 11:05 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-09-09 10:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2009-09-09 10:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2009-09-09 10:01 . 2008-05-09 10:53 512000 c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2009-12-09 00:49 . 2008-12-16 12:30 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 00:49 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-10-14 10:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2010-02-10 11:09 . 2008-12-11 10:57 333952 c:\windows\$NtUninstallKB971468$\srv.sys
+ 2010-02-10 11:09 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll
+ 2010-02-10 11:09 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
+ 2009-08-27 10:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-27 10:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-12-09 00:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 00:52 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-11-12 00:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-12 00:08 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-10-14 10:11 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB969878_WM9L$\spuninst\updspapi.dll
+ 2009-10-14 10:11 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB969878_WM9L$\spuninst\spuninst.exe
+ 2009-10-14 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-10-14 10:08 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-09-09 10:03 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-09 10:03 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-10-14 10:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-10-14 10:11 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2009-09-09 10:03 . 2008-04-14 00:12 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-09 10:03 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-09 10:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2010-01-24 11:06 . 2009-05-26 22:10 382840 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-24 11:06 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-24 11:06 . 2008-04-14 00:11 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll

Report •

#16
April 12, 2010 at 11:44:56

+ 2009-10-14 10:08 . 2006-10-19 01:47 603648 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-10-14 10:08 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-10-14 10:08 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2010-02-10 11:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978706\update\updspapi.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978706\update\update.exe
+ 2010-02-10 11:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978706\spuninst.exe
+ 2009-12-16 18:27 . 2009-12-16 18:27 343040 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
+ 2010-02-10 11:09 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978262\update\updspapi.dll
+ 2010-02-10 11:09 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978262\update\update.exe
+ 2010-02-10 11:09 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978262\spuninst.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978251\update\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978251\update\update.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978251\spuninst.exe
+ 2010-02-10 04:48 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
+ 2010-01-24 11:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978207-IE7\update\updspapi.dll
+ 2010-01-24 11:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978207-IE7\update\update.exe
+ 2010-01-24 11:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978207-IE7\spuninst.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 841216 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 233472 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\webcheck.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 105984 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\url.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 102912 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\occache.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 671232 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mstime.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msrating.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 477696 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtmled.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 459264 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeeds.dll
+ 2009-12-18 07:00 . 2009-12-18 07:00 634632 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
+ 2010-01-05 09:57 . 2010-01-05 09:57 268288 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iertutil.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iepeers.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 388608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iedkcs32.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 380928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dll
+ 2009-12-18 06:58 . 2009-12-18 06:58 161792 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakui.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 230400 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieaksie.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 153088 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakeng.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 132608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\extmgr.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 214528 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtrans.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 347136 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtmsft.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 124928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\advpack.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-02-10 11:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-02-10 11:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-02-10 11:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-02-10 11:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977165\update\updspapi.dll
+ 2010-02-10 11:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977165\update\update.exe
+ 2010-02-10 11:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977165\spuninst.exe
+ 2009-11-04 11:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976749-IE7\update\updspapi.dll
+ 2009-11-04 11:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976749-IE7\update\update.exe
+ 2009-11-04 11:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976749-IE7\spuninst.exe
+ 2009-12-09 00:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE7\update\updspapi.dll
+ 2009-12-09 00:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE7\update\update.exe
+ 2009-12-09 00:50 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE7\spuninst.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 841216 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 233472 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\webcheck.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 105984 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\url.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 102912 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\occache.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 671232 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mstime.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 193024 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msrating.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 477696 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtmled.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 459264 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeeds.dll
+ 2009-10-28 06:54 . 2009-10-28 06:54 634632 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 268288 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iertutil.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 388608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iedkcs32.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 380928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dll
+ 2009-10-28 06:52 . 2009-10-28 06:52 161792 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakui.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 230400 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieaksie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 153088 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakeng.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 132608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\extmgr.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 214528 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtrans.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 347136 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtmsft.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 09:01 . 2009-12-08 09:01 474112 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2010-03-10 11:06 . 2009-05-26 22:10 382840 c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-03-10 11:06 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-03-10 11:06 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-02-10 11:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-02-10 11:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2009-10-14 10:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2009-10-14 10:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2009-10-14 10:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-10-14 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE7\update\updspapi.dll
+ 2009-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974455-IE7\update\update.exe
+ 2009-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974455-IE7\spuninst.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 840704 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 233472 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\webcheck.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 105984 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\url.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 102912 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\occache.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 671232 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mstime.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 193024 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msrating.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 477696 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtmled.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 459264 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeeds.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 634648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 268288 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iertutil.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 388608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iedkcs32.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 380928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 161792 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakui.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 230400 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieaksie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 153088 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakeng.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 132608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\extmgr.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 214528 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtrans.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 347136 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtmsft.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 124928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\advpack.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 00:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 00:52 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2009-10-14 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 00:51 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 00:51 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 00:32 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-11-25 12:33 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 12:33 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 12:33 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-10-14 10:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2009-10-14 10:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2010-01-24 11:05 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-01-24 11:05 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-01-24 11:05 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-01-23 15:32 . 2009-10-15 16:39 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2009-09-09 10:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-09 10:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-09 10:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2009-09-09 00:05 . 2009-08-13 15:02 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 00:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 00:49 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2009-10-14 10:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2009-10-14 10:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2010-02-10 11:09 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971468\update\updspapi.dll
+ 2010-02-10 11:09 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971468\update\update.exe
+ 2010-02-10 11:09 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971468\spuninst.exe
+ 2010-02-10 04:48 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys
+ 2009-12-09 00:52 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 00:52 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 00:52 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-11-12 00:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-12 00:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-12 00:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2009-10-14 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2009-10-14 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2009-10-14 10:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2009-09-09 10:03 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-09 10:03 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-09 10:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-09 00:04 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2010-01-24 11:06 . 2009-05-26 22:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-24 11:06 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-24 11:06 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-23 15:32 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2009-10-14 08:42 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-09-06 02:36 . 2009-09-06 02:36 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2007-05-17 17:18 . 2009-08-06 23:23 1929952 c:\windows\system32\wuaueng.dll
- 2007-05-17 19:01 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2007-05-17 19:01 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
+ 2003-07-16 20:51 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2008-03-28 03:49 . 2008-03-28 03:49 1112288 c:\windows\system32\WdfCoInstaller01007.dll
+ 2006-08-31 00:42 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll
+ 2006-06-22 05:19 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2006-06-22 05:19 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2003-05-30 13:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2003-07-16 20:39 . 2009-12-08 19:27 2189184 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2009-12-08 18:43 2066048 c:\windows\system32\ntkrnlpa.exe
- 2002-08-29 01:04 . 2009-02-07 23:02 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2007-05-15 19:43 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2006-09-13 05:09 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-06-30 14:28 . 2010-03-11 12:38 3599872 c:\windows\system32\mshtml.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 1757184 c:\windows\system32\imagX7.dll
+ 2007-08-13 23:54 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 23:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\system32\FM20.DLL
+ 2007-05-17 17:18 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2007-05-17 19:01 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2007-05-17 19:01 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-27 22:59 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2007-05-18 21:55 . 2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-27 22:59 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-27 22:58 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-27 22:58 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-27 22:58 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-27 22:58 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-27 22:59 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-27 22:59 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-27 23:29 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-12-14 23:37 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-05-18 21:55 . 2010-03-11 12:38 3599872 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 03:36 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2007-04-25 08:41 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2007-04-25 08:41 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-08-11 03:55 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-08-11 03:55 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-11 03:55 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-08-11 03:55 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-09-06 02:43 . 2006-03-31 16:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2009-09-06 02:43 . 2005-12-05 22:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-10-18 01:17 . 2005-07-22 23:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2010-02-04 15:53 . 2009-11-03 18:07 1970176 c:\windows\system32\d3dx9.dll
+ 2009-09-06 02:00 . 2005-02-24 17:11 1212416 c:\windows\system32\AudioInfos.dll
+ 2009-09-06 02:00 . 2005-03-11 22:37 1986560 c:\windows\system32\AudFile.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-18 16:56 . 2009-08-18 16:56 5020672 c:\windows\Installer\fdce8e.msp
+ 2009-12-03 19:15 . 2009-12-03 19:15 5004288 c:\windows\Installer\d63c07d1.msp
+ 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\8344d96.msp
+ 2009-05-26 22:54 . 2009-05-26 22:54 4192768 c:\windows\Installer\8344d81.msp
+ 2009-05-04 11:47 . 2009-05-04 11:47 9124864 c:\windows\Installer\8344d68.msp
+ 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\8344d53.msp
+ 2009-04-24 16:28 . 2009-04-24 16:28 4450816 c:\windows\Installer\8344d3d.msp
+ 2009-04-24 16:29 . 2009-04-24 16:29 9013760 c:\windows\Installer\8344d14.msp
+ 2009-09-06 02:46 . 2009-09-06 02:46 7370240 c:\windows\Installer\5869b.msi
+ 2010-01-15 02:26 . 2010-01-15 02:26 5027840 c:\windows\Installer\42a082be.msp
+ 2010-02-04 22:24 . 2010-02-04 22:24 9122304 c:\windows\Installer\38f8907b.msp
+ 2010-02-21 06:00 . 2010-02-21 06:00 8480768 c:\windows\Installer\38f89067.msp
+ 2010-02-04 05:59 . 2010-02-04 05:59 5031936 c:\windows\Installer\38f89053.msp
+ 2009-04-04 14:14 . 2009-04-04 14:14 1094656 c:\windows\Installer\3529a8.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 1282560 c:\windows\Installer\30f29a9.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 7888384 c:\windows\Installer\30f29a1.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 9926144 c:\windows\Installer\30f2997.msp
+ 2009-11-21 04:36 . 2009-11-21 04:36 5002752 c:\windows\Installer\2809ebe.msp
+ 2009-10-16 12:09 . 2009-10-16 12:09 2518016 c:\windows\Installer\2809eaa.msp
+ 2009-10-16 12:03 . 2009-10-16 12:03 5003776 c:\windows\Installer\26889480.msp
+ 2009-08-18 17:58 . 2009-08-18 17:58 8301056 c:\windows\Installer\2688946c.msp
+ 2009-08-18 17:57 . 2009-08-18 17:57 9122304 c:\windows\Installer\26889458.msp
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\17a660a1.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\17a6608b.msp
+ 2009-09-18 13:30 . 2009-09-18 13:30 5016576 c:\windows\Installer\17a66077.msp
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\17a6604c.msp
+ 2009-04-29 03:52 . 2010-03-10 11:07 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-29 03:52 . 2010-03-10 11:07 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-04-29 03:52 . 2009-08-12 10:04 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 21:57 . 2009-04-03 21:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2009-04-03 22:04 . 2009-04-03 22:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 06:05 . 2009-03-06 06:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-02-05 15:36 . 2009-02-05 15:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-03-06 07:41 . 2009-03-06 07:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 04:42 . 2006-09-30 04:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 18:57 . 2006-10-27 18:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 00:07 . 2006-10-27 00:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 00:14 . 2006-10-27 00:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-26 18:47 . 2006-10-26 18:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 00:02 . 2006-10-27 00:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 23:21 . 2006-10-26 23:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2009-04-29 03:50 . 2009-04-29 03:50 1276720 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-26 23:49 . 2006-10-26 23:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2010-04-01 08:14 . 2010-01-05 10:00 1168384 c:\windows\ie7updates\KB980182-IE7\urlmon.dll

Report •

#17
April 12, 2010 at 11:45:24

+ 2010-04-01 08:14 . 2010-01-05 10:00 3599360 c:\windows\ie7updates\KB980182-IE7\mshtml.dll
+ 2010-04-01 08:14 . 2010-01-05 10:00 6067200 c:\windows\ie7updates\KB980182-IE7\ieframe.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-24 11:02 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2009-11-04 11:01 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-09 00:50 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-09 00:50 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-10-14 10:07 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-14 10:07 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-14 10:07 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2008-10-27 22:59 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-27 22:58 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-27 22:58 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-27 22:58 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-27 22:58 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-27 22:59 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-27 22:59 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-14 10:05 . 2009-10-14 10:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e00f2abe\System.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1e14408a\System.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e0c69f26\System.Xml.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c7e7d809\System.Xml.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_cd9997ed\System.Windows.Forms.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_9fea3b74\System.Windows.Forms.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9279f81e\System.Drawing.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a9f4e4d3\System.Design.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8c70fea5\System.Design.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_796958ac\mscorlib.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0e5c8691\mscorlib.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f431bc9e7c51a50035c19abea4cbcaa2\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-14 10:16 . 2009-10-14 10:16 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-14 10:16 . 2009-10-14 10:16 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-14 10:16 . 2009-10-14 10:16 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-14 10:20 . 2009-10-14 10:20 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-14 10:18 . 2009-10-14 10:18 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-14 10:18 . 2009-10-14 10:18 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-14 10:16 . 2009-10-14 10:16 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-14 10:24 . 2009-10-14 10:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-14 10:23 . 2009-10-14 10:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-14 10:22 . 2009-10-14 10:22 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-09 07:12 . 2009-08-09 07:12 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-09 07:13 . 2009-08-09 07:13 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 10:14 . 2009-10-14 10:14 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 10:04 . 2009-10-14 10:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-08-22 07:02 . 2007-08-22 07:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-14 10:04 . 2009-10-14 10:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-08-22 07:02 . 2007-08-22 07:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-10 10:08 . 2009-10-10 10:08 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2010-02-10 11:02 . 2009-08-05 00:44 2189184 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
+ 2010-02-10 11:02 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe
+ 2010-02-10 11:02 . 2009-08-04 14:20 2066048 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
+ 2010-02-10 11:02 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe
+ 2010-03-10 11:06 . 2008-04-14 00:12 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-02-10 11:05 . 2009-06-03 19:09 1291264 c:\windows\$NtUninstallKB975560$\quartz.dll
+ 2009-11-25 12:33 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-25 12:33 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-10-14 10:02 . 2009-02-06 11:08 2189056 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-10-14 10:02 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2009-10-14 10:02 . 2009-02-07 23:02 2066048 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-10-14 10:02 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2009-11-12 00:08 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-10-14 10:08 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-09-09 10:03 . 2008-06-18 10:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 1170944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\urlmon.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 3602944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
+ 2010-01-05 09:57 . 2010-01-05 09:57 6071296 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieframe.dll
+ 2010-01-23 15:32 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dat
+ 2009-12-09 04:52 . 2009-12-09 04:52 2189312 c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
+ 2010-02-10 04:47 . 2009-12-08 17:40 2023936 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe
+ 2009-12-09 04:10 . 2009-12-09 04:10 2066176 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
+ 2010-02-10 04:47 . 2009-12-08 18:20 2145280 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe
+ 2009-10-21 03:59 . 2009-10-21 03:59 3602432 c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2009-12-09 00:33 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2010-03-10 03:36 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2009-11-27 17:23 . 2009-11-27 17:23 1291776 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 1170944 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\urlmon.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 3600384 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 6070784 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieframe.dll
+ 2009-10-14 08:42 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-25 12:23 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 12:23 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-10-14 08:41 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2009-10-14 08:41 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-04 22:47 . 2009-08-04 22:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2009-10-14 08:41 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2007-05-18 20:01 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-09-09 10:02 . 2009-09-09 10:02 15709696 c:\windows\Installer\fdce97.msp
+ 2010-01-24 11:05 . 2010-01-24 11:05 15710720 c:\windows\Installer\d63c07be.msp
+ 2009-05-04 11:49 . 2009-05-04 11:49 10955776 c:\windows\Installer\8344dcf.msp
+ 2009-11-21 04:46 . 2009-11-21 04:46 11524608 c:\windows\Installer\38f8908f.msp
+ 2009-04-04 21:09 . 2009-04-04 21:09 15190016 c:\windows\Installer\3529c9.msp
+ 2009-04-04 15:36 . 2009-04-04 15:36 21390848 c:\windows\Installer\3529a9.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\17a660ab.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\17a66064.msp
+ 2009-08-18 16:50 . 2009-08-18 16:50 12022272 c:\windows\Installer\17a66038.msp
+ 2009-04-03 22:01 . 2009-04-03 22:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 22:11 . 2009-04-03 22:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-03-06 06:06 . 2009-03-06 06:06 12707696 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLOOK.EXE
+ 2009-04-03 22:46 . 2009-04-03 22:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-04-03 22:11 . 2009-04-03 22:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\EXCEL.EXE
+ 2006-10-27 19:14 . 2006-10-27 19:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 19:01 . 2006-10-27 19:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2009-10-14 10:17 . 2009-10-14 10:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-14 10:25 . 2009-10-14 10:25 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-14 10:19 . 2009-10-14 10:19 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-14 10:18 . 2009-10-14 10:18 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-14 10:17 . 2009-10-14 10:17 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-14 10:15 . 2009-10-14 10:15 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2009-04-04 21:08 . 2009-04-04 21:08 343058432 c:\windows\Installer\3529fd.msp
+ 2009-04-04 21:08 . 2009-04-04 21:08 343058432 c:\windows\Installer\30f298c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 28160]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2006-01-11 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Us We\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-10-18 225280]
PowerReg Scheduler.exe [2010-2-17 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:LitvinenKO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/08/2009 2:22 AM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/04/2009 2:12 AM 691696]
R1 dmoko;Driver Shortcut VMware Thumbnail for;c:\windows\system32\drivers\ndisoko.sys [20/07/2008 1:41 PM 32768]
R2 ipokoraid;Publisher Office Terminal Property Aladdin Temporary ExtractIcon;c:\windows\system32\svchost.exe -k rpcSsc [16/07/2003 4:47 PM 14336]
R2 ZTime;ZoneTick Time;c:\program files\ZoneTick\timesync.exe [28/06/2009 1:32 PM 241664]
S2 gupdate1ca09be6c2bae9e;Google Update Service (gupdate1ca09be6c2bae9e);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 12:47 AM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
S3 MTK;Media Technology Kernel Driver; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rpcSsc REG_MULTI_SZ ipokoraid
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac643cd22265a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:47]

2009-08-10 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-23 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Us We\Application Data\Mozilla\Firefox\Profiles\ik8rcpim.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {F1590D81-A7F5-4F4F-9048-21BC9D7B3611} - c:\documents and settings\Us We\Local Settings\Application Data\{F1590D81-A7F5-4F4F-9048-21BC9D7B3611}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero8\\nero\uninstall\UNNERO.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 14:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spba.sys hal.dll >>UNKNOWN [0x8738E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7703f28
\Driver\ACPI -> ACPI.sys @ 0xf756bcb8
\Driver\atapi -> atapi.sys @ 0xf7526b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf742fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf743ca21
SendHandler -> NDIS.sys @ 0xf741a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Windows Desktop Search\wds_slps.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Completion time: 2010-04-12 14:33:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-12 18:33
ComboFix2.txt 2009-08-20 18:51

Pre-Run: 34,805,837,824 bytes free
Post-Run: 35,519,422,464 bytes free

- - End Of File - - C049EFB441F9427671EF4653D1C56468


Report •

#18
April 12, 2010 at 16:46:02

That seemed quite a bit longer than other combofix logs ive seen on site.

Report •

#19
April 12, 2010 at 19:37:05

Its a little large.

Please go to Virus Total and upload the following file for analysis:


c:\windows\isegodobuvogepu.dll
c:\windows\Lxelujikap.dat
c:\windows\Djogev.bin

Use the browse button at the site to find the file, once you find the file double click it and it should appear in the empty space to the left of the browse button> click "send file". If the file has already been analyzed click the reanalyze button to have it checked again.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\certoko.dll

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Please post the log that is produced.


Report •

#20
April 12, 2010 at 20:54:52

jabuck--can u give me a hand on the same basic issue? i already posted my question/ issue--thanks

Report •

#21
April 12, 2010 at 21:32:27

I'm assuming you want the logs from Virus Total as well as ComboFix? Seems the first file is a trojan of sorts while the second one is ok. The 3rd .bin file was 0 bytes and so did not allow me to send it for obvious reasons.

c:\windows\isegodobuvogepu.dll

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.13 Trojan.Win32.Hiloti!IK
AhnLab-V3 5.0.0.2 2010.04.12 -
AntiVir 7.10.6.64 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 W32/Hiloti.D.gen!Eldorado
Avast 4.8.1351.0 2010.04.12 Win32:Hilot
Avast5 5.0.332.0 2010.04.12 Win32:Hilot
AVG 9.0.0.787 2010.04.12 Hiloti.O
BitDefender 7.2 2010.04.13 Trojan.Packed.Hiloti.Gen.1
CAT-QuickHeal None 2010.04.13 -
ClamAV 0.96.0.3-git 2010.04.13 -
Comodo 4582 2010.04.13 TrojWare.Win32.Downloader.Mufanom.C
DrWeb 5.0.2.03300 2010.04.13 Trojan.Packed.1135
eSafe 7.0.17.0 2010.04.12 -
eTrust-Vet 35.2.7421 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 W32/Hiloti.D.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.13 Packed:W32/Mufanom.A
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.13 Trojan.Packed.Hiloti.Gen.1
Ikarus T3.1.1.80.0 2010.04.13 Trojan.Win32.Hiloti
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.13 -
McAfee 5.400.0.1158 2010.04.13 Hiloti.gen.c
McAfee-GW-Edition 6.8.5 2010.04.13 -
Microsoft 1.5605 2010.04.13 Trojan:Win32/Hiloti.gen!A
NOD32 5023 2010.04.12 a variant of Win32/Cimag.BG
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 Trojan.Packed.Hiloti.Gen.1
Panda 10.0.2.2 2010.04.12 Suspicious file
PCTools 7.0.3.5 2010.04.13 Trojan.Zefarch
Prevx 3.0 2010.04.13 -
Rising 22.43.01.01 2010.04.13 -
Sophos 4.52.0 2010.04.13 Mal/Hiloti-A
Sunbelt 6169 2010.04.13 -
Symantec 20091.2.0.41 2010.04.13 Trojan.Zefarch!gen
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.13 -
VBA32 3.12.12.4 2010.04.09 BScope.Trojan.Hiloti
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -
Additional information
File size: 164352 bytes
MD5...: 49c4bf0aff5570816bd76dca1bb22d07
SHA1..: 346df87267ec2f330a35910300d58bea2516c093
SHA256: 63cf2ed54988eaa9a6349ce976af1d872858228de27ba46566b2c743660d3f46
ssdeep: 3072:lwfhe6cdT18kkzNIFOXSGNgBlnoEYHdJh1N:lwfheTdT18kkZRNdE
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41ec
timedatestamp.....: 0x48c498e9 (Mon Sep 08 03:15:53 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2b000 0x15000 7.96 e99e208da6150a1928d026b0f7a51937
.data 0x2c000 0x13000 0x12600 4.70 8b811a0fe21415c01cf4d85fdd99ffa7
.rsrc 0x3f000 0x1000 0x600 2.47 2acffbe07463766386a93d6a7807e6fd
.reloc 0x40000 0x1000 0x200 1.72 b08979337699b462a34155a1b7e1dc9c

( 4 imports )
> KERNEL32.dll: CloseHandle, ExitProcess, FindResourceA, GetACP, GetCommandLineA, GetCommandLineW, GetLastError, GetModuleHandleA, GetOEMCP, GetStartupInfoA, HeapAlloc, HeapCreate, HeapReAlloc, IsBadReadPtr, LCMapStringA, MapViewOfFile, MulDiv, MultiByteToWideChar, ResumeThread, RtlUnwind, SetEndOfFile, SetLastError, SetThreadAffinityMask, SetUnhandledExceptionFilter, lstrcmpA
> msvcrt.dll: vswprintf, __p__commode, __set_app_type, _exit, exit, rand, setlocale, __getmainargs
> user32.dll: CreateIconIndirect, SetWindowLongA, SetDlgItemTextA, PostQuitMessage, DeleteMenu, CheckMenuItem
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -

( 1 exports )
W32N_OpenAdapterA
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: NVIDIA Corporation
copyright....: Copyright (C) 2002-2009, NVIDIA Corporation
product......: NVIDIA Cg Runtime
description..: Cg Core Runtime Library
original name: cg.dll
internal name: cg
file version.: 2.2.0010
comments.....: NVIDIA Cg Core Runtime Library
signers......: -
signing date.: -
verified.....: Unsigned


c:\windows\Lxelujikap.dat


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.13 -
AhnLab-V3 5.0.0.2 2010.04.12 -
AntiVir 7.10.6.64 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.12 -
BitDefender 7.2 2010.04.13 -
CAT-QuickHeal 10.00 2010.04.13 -
ClamAV 0.96.0.3-git 2010.04.13 -
Comodo 4582 2010.04.13 -
DrWeb 5.0.2.03300 2010.04.13 -
eSafe 7.0.17.0 2010.04.12 -
eTrust-Vet 35.2.7421 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.13 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.13 -
Ikarus T3.1.1.80.0 2010.04.13 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.13 -
McAfee 5.400.0.1158 2010.04.13 -
McAfee-GW-Edition 6.8.5 2010.04.13 -
Microsoft 1.5605 2010.04.13 -
NOD32 5023 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.12 -
PCTools 7.0.3.5 2010.04.13 -
Prevx 3.0 2010.04.13 -
Rising 22.43.01.01 2010.04.13 -
Sophos 4.52.0 2010.04.13 -
Sunbelt 6169 2010.04.13 -
Symantec 20091.2.0.41 2010.04.13 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.13 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -
Additional information
File size: 120 bytes
MD5...: 8efeabdeec3de81c3dc42a2801ddf461
SHA1..: 02f1032b36b1546af5815cd03befd0aa5a09b008
SHA256: 643f2d4a4311c9af9f31a361a0e827c1aaa6520328d1374e2ee4a65e6e9a2a37
ssdeep: 3:yxKdWoWgX6USwmaF5ctU0RpukCHeh2XVh:ycFWgX6LVTDUHM2Fh
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Report •

#22
April 12, 2010 at 21:59:53

ComboFix 10-04-12.03 - Us We 13/04/2010 0:46.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.660 [GMT -4:00]
Running from: c:\documents and settings\Us We\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Us We\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\certoko.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\certoko.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ipokoraid
-------\Service_ipokoraid


((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-12 17:45 . 2010-04-12 17:45 -------- d-----w- C:\_OTL
2010-04-11 07:46 . 2010-04-11 07:46 -------- d-----w- c:\program files\VS Revo Group
2010-04-01 05:08 . 2010-04-01 05:08 -------- d-----w- c:\documents and settings\Us We\Application Data\runic games
2010-04-01 05:02 . 2010-04-01 05:02 -------- d-----w- c:\program files\Runic Games
2010-03-27 02:59 . 2010-04-10 03:34 20992 ----a-w- c:\windows\bw-uninstall.exe
2010-03-17 06:16 . 2010-04-12 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 18:25 . 2010-02-04 15:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-12 17:38 . 2010-04-12 17:38 503808 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcp71.dll
2010-04-12 17:38 . 2010-04-12 17:38 499712 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\jmc.dll
2010-04-12 17:38 . 2010-04-12 17:38 348160 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcr71.dll
2010-04-12 17:38 . 2010-04-12 17:38 61440 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-sse.dll
2010-04-12 17:38 . 2010-04-12 17:38 12800 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-d3d.dll
2010-04-12 17:37 . 2007-06-20 12:50 -------- d-----w- c:\program files\Java
2010-04-12 05:33 . 2010-04-12 05:33 5359 ----a-w- c:\program files\hijackthis.log
2010-04-11 07:58 . 2009-09-06 02:44 -------- d-----w- c:\program files\Nero
2010-04-11 07:58 . 2009-09-06 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-11 07:58 . 2009-09-06 00:33 -------- d-----w- c:\documents and settings\Us We\Application Data\Nero
2010-04-10 22:58 . 2009-08-11 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-09 06:07 . 2009-12-07 09:03 120 ----a-w- c:\windows\Lxelujikap.dat
2010-04-08 19:30 . 2010-04-08 19:30 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120671FF.dll
2010-04-08 19:30 . 2010-04-08 19:30 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98.dll
2010-04-01 08:54 . 2010-02-07 05:55 -------- d-----w- c:\program files\Red Kings Poker
2010-04-01 08:50 . 2010-01-10 07:24 -------- d-----w- c:\program files\PartyGaming
2010-04-01 08:48 . 2007-05-17 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 08:33 . 2009-08-29 22:20 -------- d-----w- c:\program files\NDSROM Player
2010-04-01 08:22 . 2007-06-20 20:01 -------- d-----w- c:\program files\Google
2010-04-01 08:20 . 2010-01-23 04:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-20 00:45 . 2010-02-07 11:42 25 ----a-w- c:\windows\popcinfot.dat
2010-03-17 06:13 . 2010-03-17 06:13 152576 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-17 06:13 . 2010-03-17 06:13 79488 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2006-06-23 15:33 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 11:07 . 2009-04-29 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 02:44 . 2010-03-10 02:44 -------- d-----w- c:\program files\Big City Games
2010-02-18 16:38 . 2010-02-18 16:38 24 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B6BB246AD1AC2414D84D13C8F3D38C43.dll
2010-02-18 16:38 . 2010-02-18 16:38 233 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_16CB480C735EED116861000565084666.dll
2010-02-17 06:07 . 2009-08-19 18:18 245 ----a-w- c:\windows\PowerReg.dat
2010-02-14 06:37 . 2010-02-14 03:55 -------- d-----w- c:\program files\RockbetCasino
2010-01-25 08:57 . 2009-04-24 06:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-24 12:53 . 2009-12-24 12:51 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-08-11 07:15 . 2009-07-27 14:08 610636 ----a-w- c:\program files\HOSTS
2009-08-11 07:15 . 2009-07-19 03:58 1384 ----a-w- c:\program files\PrivacyPolicy.txt
2009-08-11 07:15 . 2009-07-19 03:56 6293 ----a-w- c:\program files\readme.txt
2009-08-11 07:15 . 2008-12-24 09:07 1615 ----a-w- c:\program files\mvps.bat
2009-08-11 07:15 . 2007-09-06 05:12 794 ----a-w- c:\program files\License.txt
2005-02-16 16:06 . 2010-02-18 16:42 218112 ----a-w- c:\program files\HijackThis.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-04-12_18.28.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-13 04:54 . 2010-04-13 04:54 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 28160]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2006-01-11 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Us We\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-10-18 225280]
PowerReg Scheduler.exe [2010-2-17 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:LitvinenKO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/08/2009 2:22 AM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/04/2009 2:12 AM 691696]
R1 dmoko;Driver Shortcut VMware Thumbnail for;c:\windows\system32\drivers\ndisoko.sys [20/07/2008 1:41 PM 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
R2 ZTime;ZoneTick Time;c:\program files\ZoneTick\timesync.exe [28/06/2009 1:32 PM 241664]
S2 gupdate1ca09be6c2bae9e;Google Update Service (gupdate1ca09be6c2bae9e);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 12:47 AM 133104]
S3 MTK;Media Technology Kernel Driver; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rpcSsc REG_MULTI_SZ ipokoraid
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 04:46]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac643cd22265a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Us We\Application Data\Mozilla\Firefox\Profiles\ik8rcpim.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {F1590D81-A7F5-4F4F-9048-21BC9D7B3611} - c:\documents and settings\Us We\Local Settings\Application Data\{F1590D81-A7F5-4F4F-9048-21BC9D7B3611}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 00:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spup.sys hal.dll >>UNKNOWN [0x8738D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7703f28
\Driver\ACPI -> ACPI.sys @ 0xf756bcb8
\Driver\atapi -> atapi.sys @ 0xf7526b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf742fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf743ca21
SendHandler -> NDIS.sys @ 0xf741a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Windows Desktop Search\wds_slps.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Completion time: 2010-04-13 01:00:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-13 05:00
ComboFix2.txt 2010-04-12 18:33
ComboFix3.txt 2009-08-20 18:51

Pre-Run: 35,464,658,944 bytes free
Post-Run: 35,420,692,480 bytes free

- - End Of File - - 13EE495046944ED1234692EC3EE8D7F9


Report •

#23
April 13, 2010 at 03:36:57

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\isegodobuvogepu.dll

DIRLOOK::
c:\program files\Cheat Engine

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Please post the log that is produced.

Please run Esets online scanner from this link:

ESET

1. Note: You will need to use Internet explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the activex control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked ( I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.


Report •

#24
April 13, 2010 at 08:18:22

I have this same problem... Is it fixable jabucks?

Report •

#25
April 13, 2010 at 11:45:20

I don't mean to be rude, but Razzle71 and MTP725, you really should just start your own thread. What jabuck tells me and what he tells you might be 2 different things. You shouldn't just be copying what he tells me to do, particularly with ComboFix. These aren't little toys, they are powerful tools.

Report •

#26
April 13, 2010 at 12:18:41

ComboFix 10-04-13.02 - Us We 13/04/2010 15:02:12.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.695 [GMT -4:00]
Running from: c:\documents and settings\Us We\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Us We\Desktop\CFScript.txt

FILE ::
"c:\windows\isegodobuvogepu.dll"
.

((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 18:53 . 2010-04-13 19:01 -------- d-----w- C:\Combo-Fix
2010-04-12 17:45 . 2010-04-12 17:45 -------- d-----w- C:\_OTL
2010-04-11 07:46 . 2010-04-11 07:46 -------- d-----w- c:\program files\VS Revo Group
2010-04-01 05:08 . 2010-04-01 05:08 -------- d-----w- c:\documents and settings\Us We\Application Data\runic games
2010-04-01 05:02 . 2010-04-01 05:02 -------- d-----w- c:\program files\Runic Games
2010-03-27 02:59 . 2010-04-10 03:34 20992 ----a-w- c:\windows\bw-uninstall.exe
2010-03-17 06:16 . 2010-04-12 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 18:25 . 2010-02-04 15:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-12 17:38 . 2010-04-12 17:38 503808 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcp71.dll
2010-04-12 17:38 . 2010-04-12 17:38 499712 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\jmc.dll
2010-04-12 17:38 . 2010-04-12 17:38 348160 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcr71.dll
2010-04-12 17:38 . 2010-04-12 17:38 61440 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-sse.dll
2010-04-12 17:38 . 2010-04-12 17:38 12800 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-d3d.dll
2010-04-12 17:37 . 2007-06-20 12:50 -------- d-----w- c:\program files\Java
2010-04-12 05:33 . 2010-04-12 05:33 5359 ----a-w- c:\program files\hijackthis.log
2010-04-11 07:58 . 2009-09-06 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-11 07:58 . 2009-09-06 00:33 -------- d-----w- c:\documents and settings\Us We\Application Data\Nero
2010-04-10 22:58 . 2009-08-11 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-09 06:07 . 2009-12-07 09:03 120 ----a-w- c:\windows\Lxelujikap.dat
2010-04-08 19:30 . 2010-04-08 19:30 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120671FF.dll
2010-04-08 19:30 . 2010-04-08 19:30 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98.dll
2010-04-01 08:48 . 2007-05-17 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 08:33 . 2009-08-29 22:20 -------- d-----w- c:\program files\NDSROM Player
2010-04-01 08:22 . 2007-06-20 20:01 -------- d-----w- c:\program files\Google
2010-03-20 00:45 . 2010-02-07 11:42 25 ----a-w- c:\windows\popcinfot.dat
2010-03-17 06:13 . 2010-03-17 06:13 152576 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-17 06:13 . 2010-03-17 06:13 79488 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2006-06-23 15:33 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 11:07 . 2009-04-29 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 16:38 . 2010-02-18 16:38 24 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B6BB246AD1AC2414D84D13C8F3D38C43.dll
2010-02-18 16:38 . 2010-02-18 16:38 233 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_16CB480C735EED116861000565084666.dll
2010-02-17 06:07 . 2009-08-19 18:18 245 ----a-w- c:\windows\PowerReg.dat
2010-01-25 08:57 . 2009-04-24 06:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-24 12:53 . 2009-12-24 12:51 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-08-11 07:15 . 2009-07-27 14:08 610636 ----a-w- c:\program files\HOSTS
2009-08-11 07:15 . 2009-07-19 03:58 1384 ----a-w- c:\program files\PrivacyPolicy.txt
2009-08-11 07:15 . 2009-07-19 03:56 6293 ----a-w- c:\program files\readme.txt
2009-08-11 07:15 . 2008-12-24 09:07 1615 ----a-w- c:\program files\mvps.bat
2009-08-11 07:15 . 2007-09-06 05:12 794 ----a-w- c:\program files\License.txt
2005-02-16 16:06 . 2010-02-18 16:42 218112 ----a-w- c:\program files\HijackThis.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Cheat Engine ----

2010-02-14 06:37 . 2010-02-14 06:37 7680 --sha-w- c:\program files\Cheat Engine\Thumbs.db
2010-02-05 15:31 . 2010-02-05 15:33 11 ----a-w- c:\program files\Cheat Engine\Addresses.TMP
2010-02-04 15:58 . 2010-02-05 15:33 31867 ----a-w- c:\program files\Cheat Engine\ADDRESSESFIRST.TMP
2010-02-04 15:58 . 2010-02-05 15:33 31860 ----a-w- c:\program files\Cheat Engine\MEMORYFIRST.TMP
2010-02-04 15:53 . 2009-11-03 18:48 90112 ----a-w- c:\program files\Cheat Engine\undercdll.dll
2010-02-04 15:53 . 2003-12-07 22:02 471040 ----a-w- c:\program files\Cheat Engine\ucc12.dll
2010-02-04 15:53 . 2009-11-03 18:06 133 ----a-w- c:\program files\Cheat Engine\example scripts\testscript.CEC
2010-02-04 15:53 . 2009-11-03 18:06 581 ----a-w- c:\program files\Cheat Engine\example scripts\timermess.CEC
2010-02-04 15:53 . 2009-11-03 18:06 254 ----a-w- c:\program files\Cheat Engine\example scripts\step10.CEC
2010-02-04 15:53 . 2009-11-03 18:06 1696 ----a-w- c:\program files\Cheat Engine\example scripts\changeregtest.CEC
2010-02-04 15:53 . 2009-11-03 18:06 313 ----a-w- c:\program files\Cheat Engine\example scripts\gettime.CEC
2010-02-04 15:53 . 2009-11-03 18:06 174 ----a-w- c:\program files\Cheat Engine\example scripts\sleepcall.CEC
2010-02-04 15:53 . 2009-11-03 18:06 3488 ----a-w- c:\program files\Cheat Engine\include\wininet.h
2010-02-04 15:53 . 2009-11-03 18:06 899 ----a-w- c:\program files\Cheat Engine\include\winuser.h
2010-02-04 15:53 . 2009-11-03 18:06 570 ----a-w- c:\program files\Cheat Engine\include\yawl.h
2010-02-04 15:53 . 2009-11-03 18:06 191 ----a-w- c:\program files\Cheat Engine\include\_end_shared.h
2010-02-04 15:53 . 2009-11-03 18:06 136 ----a-w- c:\program files\Cheat Engine\include\_shared_lib.h
2010-02-04 15:53 . 2009-11-03 18:06 639 ----a-w- c:\program files\Cheat Engine\include\uc_save.h
2010-02-04 15:53 . 2009-11-03 18:06 536 ----a-w- c:\program files\Cheat Engine\include\uc_timer.h
2010-02-04 15:53 . 2009-11-03 18:06 2950 ----a-w- c:\program files\Cheat Engine\include\vector
2010-02-04 15:53 . 2009-11-03 18:06 0 ----a-w- c:\program files\Cheat Engine\include\vector.h
2010-02-04 15:53 . 2009-11-03 18:06 3246 ----a-w- c:\program files\Cheat Engine\include\winbase.h
2010-02-04 15:53 . 2009-11-03 18:06 372 ----a-w- c:\program files\Cheat Engine\include\windows.h
2010-02-04 15:53 . 2009-11-03 18:06 703 ----a-w- c:\program files\Cheat Engine\include\test-stdarg.uc
2010-02-04 15:53 . 2009-11-03 18:06 1431 ----a-w- c:\program files\Cheat Engine\include\time.h
2010-02-04 15:53 . 2009-11-03 18:06 4747 ----a-w- c:\program files\Cheat Engine\include\turtle.h
2010-02-04 15:53 . 2009-11-03 18:06 335 ----a-w- c:\program files\Cheat Engine\include\ucri.h
2010-02-04 15:53 . 2009-11-03 18:06 1208 ----a-w- c:\program files\Cheat Engine\include\uc_except.h
2010-02-04 15:53 . 2009-11-03 18:06 388 ----a-w- c:\program files\Cheat Engine\include\stdio.h
2010-02-04 15:53 . 2009-11-03 18:06 1180 ----a-w- c:\program files\Cheat Engine\include\stdlib.h
2010-02-04 15:53 . 2009-11-03 18:06 3242 ----a-w- c:\program files\Cheat Engine\include\string
2010-02-04 15:53 . 2009-11-03 18:06 1092 ----a-w- c:\program files\Cheat Engine\include\string.h
2010-02-04 15:53 . 2009-11-03 18:06 2 ----a-w- c:\program files\Cheat Engine\include\strstrea.h
2010-02-04 15:53 . 2009-11-03 18:06 2 ----a-w- c:\program files\Cheat Engine\include\strstream.h
2010-02-04 15:53 . 2009-11-03 18:06 333 ----a-w- c:\program files\Cheat Engine\include\stdarg.h
2010-02-04 15:53 . 2009-11-03 18:06 100 ----a-w- c:\program files\Cheat Engine\include\stddef.h
2010-02-04 15:53 . 2009-11-03 18:06 1106 ----a-w- c:\program files\Cheat Engine\include\math.h
2010-02-04 15:53 . 2009-11-03 18:06 179 ----a-w- c:\program files\Cheat Engine\include\new-stdlib.h
2010-02-04 15:53 . 2009-11-03 18:06 5882 ----a-w- c:\program files\Cheat Engine\include\old-string
2010-02-04 15:53 . 2009-11-03 18:06 2667 ----a-w- c:\program files\Cheat Engine\include\regexp.h
2010-02-04 15:53 . 2009-11-03 18:06 1782 ----a-w- c:\program files\Cheat Engine\include\rx++.h
2010-02-04 15:53 . 2009-11-03 18:06 11476 ----a-w- c:\program files\Cheat Engine\include\self.imp
2010-02-04 15:53 . 2009-11-03 18:06 1314 ----a-w- c:\program files\Cheat Engine\include\sstream
2010-02-04 15:53 . 2009-11-03 18:06 6323 ----a-w- c:\program files\Cheat Engine\include\listx
2010-02-04 15:53 . 2009-11-03 18:06 24 ----a-w- c:\program files\Cheat Engine\include\malloc.h
2010-02-04 15:53 . 2009-11-03 18:06 5926 ----a-w- c:\program files\Cheat Engine\include\map
2010-02-04 15:53 . 2009-11-03 18:06 674 ----a-w- c:\program files\Cheat Engine\include\header.cpp
2010-02-04 15:53 . 2009-11-03 18:06 1104 ----a-w- c:\program files\Cheat Engine\include\io.h
2010-02-04 15:53 . 2009-11-03 18:06 6226 ----a-w- c:\program files\Cheat Engine\include\iostream
2010-02-04 15:53 . 2009-11-03 18:06 178 ----a-w- c:\program files\Cheat Engine\include\iostream.h
2010-02-04 15:53 . 2009-11-03 18:06 6444 ----a-w- c:\program files\Cheat Engine\include\list
2010-02-04 15:53 . 2009-11-03 18:06 6276 ----a-w- c:\program files\Cheat Engine\include\list.new
2010-02-04 15:53 . 2009-11-03 18:06 552 ----a-w- c:\program files\Cheat Engine\include\for_each.h
2010-02-04 15:53 . 2009-11-03 18:06 72 ----a-w- c:\program files\Cheat Engine\include\fstream
2010-02-04 15:53 . 2009-11-03 18:06 2 ----a-w- c:\program files\Cheat Engine\include\fstream.h
2010-02-04 15:53 . 2009-11-03 18:06 1768 ----a-w- c:\program files\Cheat Engine\include\glib.h
2010-02-04 15:53 . 2009-11-03 18:06 84 ----a-w- c:\program files\Cheat Engine\include\cctype
2010-02-04 15:53 . 2009-11-03 18:06 281 ----a-w- c:\program files\Cheat Engine\include\classlib.h
2010-02-04 15:53 . 2009-11-03 18:06 2 ----a-w- c:\program files\Cheat Engine\include\cmath
2010-02-04 15:53 . 2009-11-03 18:06 19 ----a-w- c:\program files\Cheat Engine\include\cstdarg.txt
2010-02-04 15:53 . 2009-11-03 18:06 18 ----a-w- c:\program files\Cheat Engine\include\cstdio
2010-02-04 15:53 . 2009-11-03 18:06 48 ----a-w- c:\program files\Cheat Engine\include\cstdlib
2010-02-04 15:53 . 2009-11-03 18:06 2 ----a-w- c:\program files\Cheat Engine\include\cstring
2010-02-04 15:53 . 2009-11-03 18:06 693 ----a-w- c:\program files\Cheat Engine\include\foreach2.h
2010-02-04 15:53 . 2009-11-03 18:06 5175 ----a-w- c:\program files\Cheat Engine\include\algorithm
2010-02-04 15:53 . 2009-11-03 18:06 511 ----a-w- c:\program files\Cheat Engine\include\assert.h
2010-02-04 15:53 . 2009-11-03 18:07 4488 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\src\frmEventLogUnit.pas
2010-02-04 15:53 . 2009-11-03 18:07 1691 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\src\frmEventLogUnit.dfm
2010-02-04 15:53 . 2010-01-03 04:21 976 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\src\DebugEventLog.dpr
2010-02-04 15:53 . 2009-11-03 18:07 876 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\src\DebugEventLog.res
2010-02-04 15:53 . 2010-01-03 04:22 2185 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\src\exportimplementation.pas
2010-02-04 15:53 . 2010-01-03 04:22 446 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\src\DebugEventLog.cfg
2010-02-04 15:53 . 2010-01-20 21:19 476160 ----a-w- c:\program files\Cheat Engine\Plugins\DebugEventLog\DebugEventLog.dll
2010-02-04 15:53 . 2009-11-03 18:07 18084 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\hexedit.pas
2010-02-04 15:53 . 2009-11-03 18:07 3724 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\mainunit.dfm
2010-02-04 15:53 . 2009-11-03 18:07 8074 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\mainunit.pas
2010-02-04 15:53 . 2009-11-03 18:07 9779 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\packetfilter.pas
2010-02-04 15:53 . 2009-11-03 18:07 1264 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\cepe.dpr
2010-02-04 15:53 . 2009-11-03 18:07 876 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\cepe.res
2010-02-04 15:53 . 2009-11-03 18:07 1718 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\filterform.dfm
2010-02-04 15:53 . 2009-11-03 18:07 515 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\filterform.pas
2010-02-04 15:53 . 2009-11-03 18:49 443 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\cepe.cfg
2010-02-04 15:53 . 2009-11-03 18:49 3163 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\inject\src\cepe.dof
2010-02-04 15:53 . 2009-11-03 18:07 3168 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\src\injector.pas
2010-02-04 15:53 . 2010-01-02 22:05 455 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\src\packeteditor.cfg
2010-02-04 15:53 . 2010-01-02 22:05 3166 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\src\packeteditor.dof
2010-02-04 15:53 . 2010-01-02 22:04 874 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\src\packeteditor.dpr
2010-02-04 15:53 . 2009-11-03 18:07 876 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\src\packeteditor.res
2010-02-04 15:53 . 2010-01-02 22:05 1561 ----a-w- c:\program files\Cheat Engine\Plugins\example packet editor\src\Unit1.pas
2010-02-04 15:53 . 2009-11-03 18:49 434 ----a-w- c:\program files\Cheat Engine\Plugins\example-delphi\exampleplugin.cfg
2010-02-04 15:53 . 2009-11-03 18:49 2859 ----a-w- c:\program files\Cheat Engine\Plugins\example-delphi\exampleplugin.dof
2010-02-04 15:53 . 2009-11-03 18:07 801 ----a-w- c:\program files\Cheat Engine\Plugins\example-delphi\exampleplugin.dpr
2010-02-04 15:53 . 2009-11-03 18:07 876 ----a-w- c:\program files\Cheat Engine\Plugins\example-delphi\exampleplugin.res
2010-02-04 15:53 . 2009-11-03 18:07 7526 ----a-w- c:\program files\Cheat Engine\Plugins\example-delphi\Unit1.pas
2010-02-04 15:53 . 2010-01-20 21:24 367616 ----a-w- c:\program files\Cheat Engine\Plugins\example-delphi\exampleplugin.dll
2010-02-04 15:53 . 2010-01-10 01:53 6287 ----a-w- c:\program files\Cheat Engine\Plugins\example-c\example-c.c
2010-02-04 15:53 . 2009-11-03 18:07 96 ----a-w- c:\program files\Cheat Engine\Plugins\example-c\example-c.def
2010-02-04 15:53 . 2010-01-02 22:08 878 ----a-w- c:\program files\Cheat Engine\Plugins\example-c\example-c.sln
2010-02-04 15:53 . 2010-01-03 04:24 4795 ----a-w- c:\program files\Cheat Engine\Plugins\example-c\example-c.vcproj
2010-02-04 15:53 . 2010-01-20 20:38 13308 ----a-w- c:\program files\Cheat Engine\Plugins\cepluginsdk.h
2010-02-04 15:53 . 2010-01-15 01:30 10951 ----a-w- c:\program files\Cheat Engine\Plugins\cepluginsdk.pas
2010-02-04 15:53 . 2010-01-20 20:18 55296 ----a-w- c:\program files\Cheat Engine\Plugins\example-c\example-c.dll
2010-02-04 15:53 . 2009-11-14 23:45 90112 ----a-w- c:\program files\Cheat Engine\allochook.dll
2010-02-04 15:53 . 2010-01-20 21:41 470016 ----a-w- c:\program files\Cheat Engine\Tutorial.exe
2010-02-04 15:53 . 2010-02-04 00:55 209032 ----a-w- c:\program files\Cheat Engine\CheatEngine.chm
2010-02-04 15:53 . 2009-11-03 18:45 16896 ----a-w- c:\program files\Cheat Engine\systemcallsignal.exe
2010-02-04 15:53 . 2009-11-03 18:42 13824 ----a-w- c:\program files\Cheat Engine\EmptyDLL.dll
2010-02-04 15:53 . 2009-12-17 04:20 581120 ----a-w- c:\program files\Cheat Engine\Systemcallretriever.exe
2010-02-04 15:53 . 2010-01-01 06:52 51200 ----a-w- c:\program files\Cheat Engine\dbk64.sys
2010-02-04 15:53 . 2009-11-03 18:43 39424 ----a-w- c:\program files\Cheat Engine\EmptyProcess.exe
2010-02-04 15:53 . 2010-01-29 02:35 121344 ----a-w- c:\program files\Cheat Engine\dbk32.dll
2010-02-04 15:53 . 2009-12-31 23:10 98816 ----a-w- c:\program files\Cheat Engine\Kernelmoduleunloader.exe
2010-02-04 15:53 . 2009-12-29 03:26 89088 ----a-w- c:\program files\Cheat Engine\ceregreset.exe
2010-02-04 15:53 . 2010-01-03 04:11 431616 ----a-w- c:\program files\Cheat Engine\dxhook.dll
2010-02-04 15:53 . 2009-11-03 18:07 66 ----a-w- c:\program files\Cheat Engine\Black.bmp
2010-02-04 15:53 . 2009-11-03 18:07 190 ----a-w- c:\program files\Cheat Engine\Locktexture.bmp
2010-02-04 15:53 . 2009-11-03 18:07 190 ----a-w- c:\program files\Cheat Engine\movementtexture.bmp
2010-02-04 15:53 . 2009-11-03 18:07 190 ----a-w- c:\program files\Cheat Engine\targettexture.bmp
2010-02-04 15:53 . 2009-11-03 18:07 3510 ----a-w- c:\program files\Cheat Engine\TextureString.bmp
2010-02-04 15:53 . 2009-11-03 18:07 3638 ----a-w- c:\program files\Cheat Engine\UnLockedString.bmp
2010-02-04 15:53 . 2010-01-27 20:57 1021 ----a-w- c:\program files\Cheat Engine\commonmodulelist.txt
2010-02-04 15:53 . 2009-11-03 18:07 4662 ----a-w- c:\program files\Cheat Engine\LockedString.bmp
2010-02-04 15:53 . 2009-12-20 22:48 88064 ----a-w- c:\program files\Cheat Engine\speedhack.dll
2010-02-04 15:53 . 2010-01-03 04:10 515584 ----a-w- c:\program files\Cheat Engine\CEHook.dll
2010-02-04 15:53 . 2009-12-20 03:55 290816 ----a-w- c:\program files\Cheat Engine\vmdisk.img
2010-02-04 15:53 . 2010-02-04 02:05 3437568 ----a-w- c:\program files\Cheat Engine\Cheat Engine.exe
2010-02-04 15:53 . 2010-02-04 15:53 707354 ----a-w- c:\program files\Cheat Engine\unins000.exe
2010-02-04 15:53 . 2010-02-04 15:53 13781 ----a-w- c:\program files\Cheat Engine\unins000.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 28160]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2006-01-11 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Us We\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-10-18 225280]
PowerReg Scheduler.exe [2010-2-17 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:LitvinenKO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/08/2009 2:22 AM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/04/2009 2:12 AM 691696]
R1 dmoko;Driver Shortcut VMware Thumbnail for;c:\windows\system32\drivers\ndisoko.sys [20/07/2008 1:41 PM 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
R2 ZTime;ZoneTick Time;c:\program files\ZoneTick\timesync.exe [28/06/2009 1:32 PM 241664]
S2 gupdate1ca09be6c2bae9e;Google Update Service (gupdate1ca09be6c2bae9e);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 12:47 AM 133104]
S3 MTK;Media Technology Kernel Driver; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rpcSsc REG_MULTI_SZ ipokoraid
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 04:46]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac643cd22265a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Us We\Application Data\Mozilla\Firefox\Profiles\ik8rcpim.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {F1590D81-A7F5-4F4F-9048-21BC9D7B3611} - c:\documents and settings\Us We\Local Settings\Application Data\{F1590D81-A7F5-4F4F-9048-21BC9D7B3611}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Chess 2003 - c:\progra~1\BIGCIT~1\CHESS2~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys splt.sys hal.dll >>UNKNOWN [0x8738E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76f3f28
\Driver\ACPI -> ACPI.sys @ 0xf755bcb8
\Driver\atapi -> atapi.sys @ 0xf7516b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf741fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf742ca21
SendHandler -> NDIS.sys @ 0xf740a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Windows Desktop Search\wds_slps.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Completion time: 2010-04-13 15:16:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-13 19:16
ComboFix2.txt 2010-04-13 05:00
ComboFix3.txt 2010-04-12 18:33
ComboFix4.txt 2009-08-20 18:51

Pre-Run: 35,354,767,360 bytes free
Post-Run: 35,465,785,344 bytes free

- - End Of File - - 4845D828D4EB2C690E3C39E1ED37E8DC


Report •

#27
April 13, 2010 at 12:25:24

If you're curious about that Cheat Engine app, its just a little program for flash game cheating lol. I know, I know. Who cheats at online flash games, right? Me.

ESET log follows..


Report •

#28
April 13, 2010 at 13:21:58

Sorry, scan's taking alot longer than I thought. 57 minutes and counting.

Report •

#29
April 13, 2010 at 19:22:27

Did you update Java?

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\drivers\ndisoko.sys
c:\windows\Lxelujikap.dat
c:\windows\Djogev.bin

Driver::
dmoko

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Please post the log that is produced.

There may be a rootkit in your Cheat.

Please go to Virus Total and upload the following file for analysis:

c:\program files\Cheat Engine\dbk32.dll

Use the browse button at the site to find the file, once you find the file double click it and it should appear in the empty space to the left of the browse button> click "send file". If the file has already been analyzed click the reanalyze button to have it checked again.

Post the results in your reply.


Report •

#30
April 13, 2010 at 20:39:29

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6f123e2f32fb9b4296559cc04920cc2e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-14 01:47:02
# local_time=2010-04-13 09:47:02 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=194585
# found=64
# cleaned=0
# scan_time=14411
C:\Documents and Settings\All Users\Application Data\SecTaskMan\arinezonusohomat.dll.q_Quarantine_2CF7402_q a variant of Win32/Cimag.BQ trojan 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\SecTaskMan\bill106.exe.q_Quarantine_2CF3001_q Win32/Koobface.NCT worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\SecTaskMan\siszyd32.exe.q_Quarantine_503F4000_q Win32/TrojanDownloader.Bredolab.BD trojan 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\SecTaskMan\uxezivanomozo.dll.q_Quarantine_2CFA802_q a variant of Win32/Cimag.BD trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Us We\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\scad87.dll.vir a variant of Win32/Cimag.BB trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\av_md.exe.vir a variant of Win32/Kryptik.CSE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fjhdyfhsn.bat.vir BAT/Agent.NFC trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\av_md.exe.vir a variant of Win32/Kryptik.CSE trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1960408961-1454471165-725345543-1004\Dc5.exe Win32/Koobface.NCT worm 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP12\A0010818.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP41\A0015943.dll a variant of Win32/Cimag.BD trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP42\A0015945.exe Win32/TrojanDownloader.Bredolab.BD trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016621.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016622.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016623.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016624.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016625.exe a variant of Win32/PrimeCasino application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016629.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP43\A0016632.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP47\A0018396.exe Win32/PowerReg application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP48\A0021474.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP48\A0021478.exe a variant of Win32/PrimeCasino application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP48\A0021479.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP48\A0021482.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP63\A0023592.exe a variant of Win32/PrimeCasino application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024178.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024191.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024192.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024194.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024195.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024198.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024199.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP64\A0024202.exe a variant of Win32/CasOnline application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP65\A0025212.dll a variant of Win32/Cimag.BQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP65\A0025213.exe a variant of Win32/Tinxy.BJ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP65\A0025214.exe Win32/Koobface.NCT worm 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP66\A0025215.exe Win32/Koobface.NCT worm 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP72\A0025943.dll a variant of Win32/Cimag.BB trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP72\A0025944.exe a variant of Win32/Kryptik.CSE trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP72\A0025945.exe a variant of Win32/Kryptik.CSE trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP72\A0025946.bat BAT/Agent.NFC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP72\A0026361.dll a variant of Win32/Tinxy.BJ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6F9B5DEF-0481-4C32-A071-E0198F667F84}\RP72\A0026617.dll a variant of Win32/Cimag.BG trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\ndisoko.sys probably a variant of Win32/Tinxy.AU trojan 00000000000000000000000000000000 I
E:\mruvkcm.exe a variant of Win32/Kryptik.FI trojan 00000000000000000000000000000000 I
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6MWU7ZUJ\Malware%20Doctor[1].exe Win32/FraudTool.MalwareDoctor.A application 00000000000000000000000000000000 I
E:\Program Files\C0C8E5FD-B629-4644-81CD-E8E0FDF6A85D\Malware Doctor.exe Win32/FraudTool.MalwareDoctor.A application 00000000000000000000000000000000 I
E:\WINDOWS\system32\emqsys.dll probably a variant of Win32/Small trojan 00000000000000000000000000000000 I
E:\WINDOWS\system32\espatcpm.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\GfMlSBeg.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\GfMlSBeg.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\idjppshs.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\jggmgioy.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\kacgoeut.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\oudacpgp.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\qcqmssud.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\scjbwgjc.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\xafympsd.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\xbnloycw.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\ymnnpcgv.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\ynawfdsq.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
E:\WINDOWS\system32\drivers\svchost.exe a variant of Win32/Kryptik.WC trojan 00000000000000000000000000000000 I
E:\WINDOWS\Temp\1E7467BA.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I

Report •

#31
April 13, 2010 at 20:44:00

I ran into a snag with the java update. It is described in 'Response 10'.
The ESET scan found alot of threats. I still have the window for it open. Is there anything else I should do with it?

Report •

#32
April 13, 2010 at 20:50:04

Viru Total

File dbk32.dll
Result: 1/40 (2.5%)


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.13 -
AntiVir 7.10.6.69 2010.04.13 -
Antiy-AVL 2.0.3.7 2010.04.13 -
Authentium 5.2.0.5 2010.04.14 -
Avast 4.8.1351.0 2010.04.13 -
Avast5 5.0.332.0 2010.04.13 -
AVG 9.0.0.787 2010.04.14 -
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 -
ClamAV 0.96.0.3-git 2010.04.13 -
Comodo 4593 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.13 -
eTrust-Vet 35.2.7423 2010.04.13 -
F-Prot 4.5.1.85 2010.04.13 -
F-Secure 9.0.15370.0 2010.04.14 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 -
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
McAfee 5.400.0.1158 2010.04.14 -
McAfee-GW-Edition 6.8.5 2010.04.13 Heuristic.BehavesLike.Win32.CodeInjection.H
Microsoft 1.5605 2010.04.14 -
NOD32 5026 2010.04.13 -
Norman 6.04.11 2010.04.13 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.7 2010.04.13 -
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.01 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
Sunbelt 6174 2010.04.14 -
Symantec 20091.2.0.41 2010.04.14 -
TheHacker 6.5.2.0.260 2010.04.13 -
TrendMicro 9.120.0.1004 2010.04.13 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.13.2274 2010.04.13 -
VirusBuster 5.0.27.0 2010.04.13 -
Additional information
File size: 121344 bytes
MD5...: 99973b172d41cacae7e498696fa3b2f7
SHA1..: 38a59bc9971a4df21c417dd1f8479b583e9d98f6
SHA256: 79f9c24982e8c50da0d0c28786fffccf2616286a32bee06358c740c0bf6a239f
ssdeep: 3072:DhjzHmck1r8sT4jSBTQdBsjN6sh9JyipSPW2eI:9HmcPG4jW0/s/hfyu

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x18fec
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x18008 0x18200 6.41 c9907216dcf6708f144233e37c36c1b0
DATA 0x1a000 0x5d4 0x600 4.14 bab39153058e5f9585780d8f436dff95
BSS 0x1b000 0xb51 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1c000 0xe1c 0x1000 4.51 58ee02649fedd02fde2431f192f2e259
.edata 0x1d000 0x6c6 0x800 5.03 34db2acb4c0f6bee0149dfa8a10b893e
.reloc 0x1e000 0x1c94 0x1e00 6.58 4a06434fb83b2ddc549480d2b25a7ff3
.rsrc 0x20000 0x1800 0x1800 3.83 cc1ce096b35dc111ebd3f9b48828cc78

( 11 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
> advapi32.dll: RegSetValueExA, RegOpenKeyExA, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey
> kernel32.dll: WriteProcessMemory, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQueryEx, VirtualQuery, VirtualAllocEx, SetProcessAffinityMask, SetFilePointer, SetEvent, SetEndOfFile, ResumeThread, ResetEvent, ReadProcessMemory, ReadFile, OutputDebugStringA, OpenProcess, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcessAffinityMask, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, GetACP, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FormatMessageA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeviceIoControl, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> user32.dll: PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> advapi32.dll: StartServiceA, OpenServiceA, OpenSCManagerA, CreateServiceA, CloseServiceHandle, ChangeServiceConfigA

( 64 exports )
CreateRemoteAPC, DBKDebug_ContinueDebugEvent, DBKDebug_GD_SetBreakpoint, DBKDebug_GetDebuggerState, DBKDebug_SetDebuggerState, DBKDebug_SetGlobalDebugState, DBKDebug_StartDebugging, DBKDebug_StopDebugging, DBKDebug_WaitForDebugEvent, DBKResumeProcess, DBKResumeThread, DBKSuspendProcess, DBKSuspendThread, GetCR0, GetCR3, GetCR4, GetDebugportOffset, GetGDT, GetIDTCurrentThread, GetIDTs, GetKProcAddress, GetKProcAddress64, GetLoadedState, GetPEProcess, GetPEThread, GetPhysicalAddress, GetProcessNameFromID, GetProcessNameFromPEProcess, GetProcessnameOffset, GetSDT, GetSDTEntry, GetSDTShadow, GetSSDTEntry, GetThreadListEntryOffset, GetThreadsProcessOffset, IsValidHandle, KernelAlloc, KernelAlloc64, LaunchDBVM, MakeWritable, NOP, OP, OT, RPM, RPM64, ReadPhysicalMemory, StartProcessWatch, UserdefinedInterruptHook, VAE, VQE, WPM, WPM64, WaitForProcessListData, WritePhysicalMemory, dbvm_block_interrupts, dbvm_changeselectors, dbvm_raise_privilege, dbvm_read_physical_memory, dbvm_redirect_interrupt1, dbvm_restore_interrupts, dbvm_version, dbvm_write_physical_memory, executeKernelCode, isDriverLoaded

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Report •

#33
April 13, 2010 at 21:13:49

ComboFix 10-04-13.02 - Us We 13/04/2010 23:59:33.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.667 [GMT -4:00]
Running from: c:\documents and settings\Us We\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Us We\Desktop\CFScript.txt

FILE ::
"c:\windows\Djogev.bin"
"c:\windows\Lxelujikap.dat"
"c:\windows\system32\drivers\ndisoko.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Lxelujikap.dat
c:\windows\system32\drivers\ndisoko.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMOKO
-------\Service_dmoko


((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-13 21:08 . 2010-04-13 21:08 -------- d-----w- c:\program files\JRE
2010-04-13 21:07 . 2010-04-13 21:08 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-13 21:03 . 2010-04-13 21:04 -------- d-----w- c:\program files\Open Office
2010-04-13 19:26 . 2010-04-13 19:26 -------- d-----w- c:\program files\ESET
2010-04-13 18:53 . 2010-04-13 19:01 -------- d-----w- C:\Combo-Fix
2010-04-12 17:45 . 2010-04-12 17:45 -------- d-----w- C:\_OTL
2010-04-11 07:46 . 2010-04-11 07:46 -------- d-----w- c:\program files\VS Revo Group
2010-04-01 05:08 . 2010-04-01 05:08 -------- d-----w- c:\documents and settings\Us We\Application Data\runic games
2010-04-01 05:02 . 2010-04-01 05:02 -------- d-----w- c:\program files\Runic Games
2010-03-27 02:59 . 2010-04-10 03:34 20992 ----a-w- c:\windows\bw-uninstall.exe
2010-03-17 06:16 . 2010-04-12 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 18:25 . 2010-02-04 15:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-12 17:38 . 2010-04-12 17:38 503808 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcp71.dll
2010-04-12 17:38 . 2010-04-12 17:38 499712 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\jmc.dll
2010-04-12 17:38 . 2010-04-12 17:38 348160 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3990ab13-n\msvcr71.dll
2010-04-12 17:38 . 2010-04-12 17:38 61440 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-sse.dll
2010-04-12 17:38 . 2010-04-12 17:38 12800 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65a8ae10-n\decora-d3d.dll
2010-04-12 17:37 . 2007-06-20 12:50 -------- d-----w- c:\program files\Java
2010-04-12 05:33 . 2010-04-12 05:33 5359 ----a-w- c:\program files\hijackthis.log
2010-04-11 07:58 . 2009-09-06 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-11 07:58 . 2009-09-06 00:33 -------- d-----w- c:\documents and settings\Us We\Application Data\Nero
2010-04-10 22:58 . 2009-08-11 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-08 19:30 . 2010-04-08 19:30 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120671FF.dll
2010-04-08 19:30 . 2010-04-08 19:30 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98.dll
2010-04-01 08:48 . 2007-05-17 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 08:33 . 2009-08-29 22:20 -------- d-----w- c:\program files\NDSROM Player
2010-04-01 08:22 . 2007-06-20 20:01 -------- d-----w- c:\program files\Google
2010-03-20 00:45 . 2010-02-07 11:42 25 ----a-w- c:\windows\popcinfot.dat
2010-03-17 06:13 . 2010-03-17 06:13 152576 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-17 06:13 . 2010-03-17 06:13 79488 ----a-w- c:\documents and settings\Us We\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2006-06-23 15:33 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 11:07 . 2009-04-29 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 16:38 . 2010-02-18 16:38 24 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B6BB246AD1AC2414D84D13C8F3D38C43.dll
2010-02-18 16:38 . 2010-02-18 16:38 233 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_16CB480C735EED116861000565084666.dll
2010-02-17 06:07 . 2009-08-19 18:18 245 ----a-w- c:\windows\PowerReg.dat
2010-01-25 08:57 . 2009-04-24 06:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-24 12:53 . 2009-12-24 12:51 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-08-11 07:15 . 2009-07-27 14:08 610636 ----a-w- c:\program files\HOSTS
2009-08-11 07:15 . 2009-07-19 03:58 1384 ----a-w- c:\program files\PrivacyPolicy.txt
2009-08-11 07:15 . 2009-07-19 03:56 6293 ----a-w- c:\program files\readme.txt
2009-08-11 07:15 . 2008-12-24 09:07 1615 ----a-w- c:\program files\mvps.bat
2009-08-11 07:15 . 2007-09-06 05:12 794 ----a-w- c:\program files\License.txt
2005-02-16 16:06 . 2010-02-18 16:42 218112 ----a-w- c:\program files\HijackThis.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-04-12_18.28.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-14 04:07 . 2010-04-14 04:07 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
+ 2010-04-13 21:08 . 2010-04-13 21:08 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.15.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2010-04-13 21:09 . 2010-04-13 21:09 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.18.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2010-04-13 21:08 . 2010-04-13 21:08 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\4.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2010-04-13 21:08 . 2010-04-13 21:08 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2010-04-13 21:10 . 2010-04-13 21:10 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\4.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2010-04-13 21:08 . 2010-04-13 21:08 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2010-04-13 21:08 . 2010-04-13 21:08 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.18.0__ce2cb7e279207b9e\cli_ure.dll
+ 2010-04-13 21:10 . 2010-04-13 21:10 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2007-05-17 13:03 . 2010-04-14 03:57 285312 c:\windows\system32\FNTCACHE.DAT
+ 2010-04-13 21:08 . 2010-04-13 21:08 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.4.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2010-04-13 21:09 . 2010-04-13 21:09 856064 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.4.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2010-04-13 21:12 . 2010-04-13 21:12 7424000 c:\windows\Installer\{6ADD0603-16EF-400D-9F9E-486432835002}\soffice.exe
+ 2010-04-13 21:12 . 2010-04-13 21:12 10174464 c:\windows\Installer\6adbf8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 28160]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2006-01-11 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Us We\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-10-18 225280]
PowerReg Scheduler.exe [2010-2-17 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:LitvinenKO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/08/2009 2:22 AM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/04/2009 2:12 AM 691696]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
R2 ZTime;ZoneTick Time;c:\program files\ZoneTick\timesync.exe [28/06/2009 1:32 PM 241664]
S2 gupdate1ca09be6c2bae9e;Google Update Service (gupdate1ca09be6c2bae9e);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 12:47 AM 133104]
S3 MTK;Media Technology Kernel Driver; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rpcSsc REG_MULTI_SZ ipokoraid
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 04:46]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac643cd22265a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Us We\Application Data\Mozilla\Firefox\Profiles\ik8rcpim.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {F1590D81-A7F5-4F4F-9048-21BC9D7B3611} - c:\documents and settings\Us We\Local Settings\Application Data\{F1590D81-A7F5-4F4F-9048-21BC9D7B3611}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 00:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spyn.sys hal.dll >>UNKNOWN [0x8738E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7703f28
\Driver\ACPI -> ACPI.sys @ 0xf756bcb8
\Driver\atapi -> atapi.sys @ 0xf7526b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf742fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf743ca21
SendHandler -> NDIS.sys @ 0xf741a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Windows Desktop Search\wds_slps.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Completion time: 2010-04-14 00:13:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-14 04:13
ComboFix2.txt 2010-04-13 19:16
ComboFix3.txt 2010-04-13 05:00
ComboFix4.txt 2010-04-12 18:33
ComboFix5.txt 2010-04-14 03:58

Pre-Run: 35,636,449,280 bytes free
Post-Run: 35,603,451,904 bytes free

- - End Of File - - 4B1ED3D11B586D28DD9ECAB457FF6A3F


Report •

#34
April 14, 2010 at 03:35:44

Delete all the files found by Eset except these type:


C:\System Volume Information\_restore
C:\Qoobox\Quarantine


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Then run eset again and post its log.


Report •

#35
April 14, 2010 at 12:12:28

Man, these ESET scans take upwards of 4 or 5 hours. And I'm not even using my machine while its running. I'll be back tonight with the ESET log.
Thanks so much for sticking with me jabuck. Much, much appreciated. Seems like we're almost through!

Report •

#36
April 14, 2010 at 20:05:31

It is looking better.

Go to add/remove programs and uninstall this:

Security Task Manager 1.7h


Report •

#37
April 14, 2010 at 23:34:34

Unfortunately the last eset scan timed out or something. Came home and computer was frozen. But I suspect it is because someone unknowingly used my computer. Ill run it overnight and post results in the morning.

Everything else is done though. Eset deleted all but the 2 listed types of files, ATF, emptying and creating restore point, spywareblaster, and deleting Security Task Manager 1.7. Seems to be running much better. Very curious to see the next ESET results.

I have a question about the system configuration utility. Should I set it to boot back in Normal Mode or leave it on Selective Startup? Also, should Spywareblaster have some sort of process running? I don't see anything for it unless I have its window open.


Report •

#38
April 15, 2010 at 03:34:46

Set the the system configuration utility back to normal boot.

Spyware blaster is not an application , it is more like a point guard it uses no resources .


Report •

#39
April 15, 2010 at 09:56:47

Sorry for stumbling at the end here and wasting time jabuck. Seems I forgot to untick the "remove found threats' button and so ESET cleaned the 5 files it found. The were all of the type C:\Qoobox\Quarantine. ndisoko.sys was one of them.
They are all currently in ESET's quarantine.

Anything else to do? Everything up to your last post is done including updating to the new version 6 update 20 of java. I also now have Avast running. (Sorry, went with them over AVG. AVG annoyed me too much when i had it last.)


Report •

#40
April 15, 2010 at 10:13:41

I also have a new process running that I've never seen before. BCMSMMSG.exe.
A quick search suggests its for dial up BCM voice modem drivers. Its signed by Microsoft so seems legit. Just curious as to why all of a sudden its running. Perhaps Avast? I noticed that Avast does have a voice notification when something comes up in the system tray (i.e. updated virus definitions).

Report •

#41
April 15, 2010 at 16:35:29

Everything has it annoyances, that does belong to Avast and it will do you a excellent job.

Delete DDS, VirusTotal, OTL and TDSSKiller from your desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

It is important to run through this again.

Run AFT Cleaner (don't uninstall it, keep it)

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.


Report •

#42
April 15, 2010 at 17:05:13

Done.

Seems everything is running near perfect. No more redirects. Very quick browsing on both firefox and IE. I've also done another scan with ESET (with the "remove found threats" button unticked) and turned up 0 threats! Same thing with Avast's first scan.....0 threats.

So, we done here?
Thanks again jabuck for absolutely everything. Been great
Th


Report •

#43
April 15, 2010 at 17:08:12

Lemme know if there is any last things to do though!

Report •

#44
April 15, 2010 at 17:20:36

That is it...you computer appears to be clean, a fine job you did.

Glad we could help.


Report •

#45
April 15, 2010 at 22:11:38

Thanks again jabuck. A fine job YOU did!
Learned alot from you, and for that I am in your debt.
Take care,

David


Report •

#46
April 15, 2010 at 22:15:23

One last minor question actually!
Do you have any suggestions for a torrent client? Or did you suggest uninstalling utorrent because pretty much ALL torrent clients harbor spyware? I'm big on them and need something. I thought utorrent was the best available.

Report •

#47
December 2, 2010 at 12:36:12

I went into the System 32, drivers, the etc file. Opened host in Notebook and removed anything after the example, To save it I had to save it on the desk top and then replace it in the actual folder. It clear. Used Super anti spyware to remove the files first and I'm hoping it stays clear.

Report •


Ask Question