# mikec20311 infection thread



## mikec20311

Guys I have the exact same problem. Out of nowhere everything said it was crashing and this same program has taken over. I don't know what to do. Is all my stuff gone? I am going to be so mad if it is. I didn't download or even click anything. My virus program avira just popped up randomly with a warning and I clicked to delete the malware. Next thing I know everything is going nuts. I'm on a friend's laptop now. Can I get some help?


----------



## johnb35

Can you download anything?  If not, make sure you run the rkill program first.  Download it from a different computer onto a flash drive and then run it on the infected computer but don't reboot the system.   Then download and run malwarebytes and hijackthis from the following links.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr,  Rkill.exe, or Rkill.com  but *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## mikec20311

I actually did a system restore to march 27th and I appear to be ok now. All my stuff is back and I am no longer getting that window repair thing taking over. I was in full blown panic mode for a minute.


----------



## johnb35

Please follow my instructions on downloading and running malwarebytes and hijackthis.  System restore may have temporarily fixed your issue but most likely you are still infected.  Infections like to hide in the system restore files so if you do a system restore, your still infected but the infection may not be active.


----------



## mikec20311

johnb35 said:


> Please follow my instructions on downloading and running malwarebytes and hijackthis.  System restore may have temporarily fixed your issue but most likely you are still infected.  Infections like to hide in the system restore files so if you do a system restore, your still infected but the infection may not be active.


Thanks for the advice John. I'm doing it right now. Will post the logs when done.


----------



## mikec20311

Should I reboot now or do the hijackthis first? 

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6242

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/1/2011 8:35:03 PM
mbam-log-2011-04-01 (20-35-03).txt

Scan type: Quick scan
Objects scanned: 164785
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\compaq_owner\local settings\temporary internet files\Content.IE5\E9VQ9787\elxpywfuiljpymkm[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


----------



## johnb35

mikec20311 said:


> Should I reboot now or do the hijackthis first?
> 
> Malwarebytes' Anti-Malware 1.50.1.1100
> www.malwarebytes.org
> 
> Database version: 6242
> 
> Windows 5.1.2600 Service Pack 3
> Internet Explorer 8.0.6001.18702
> 
> 4/1/2011 8:35:03 PM
> mbam-log-2011-04-01 (20-35-03).txt
> 
> Scan type: Quick scan
> Objects scanned: 164785
> Time elapsed: 5 minute(s), 41 second(s)
> 
> Memory Processes Infected: 0
> Memory Modules Infected: 0
> Registry Keys Infected: 0
> Registry Values Infected: 0
> Registry Data Items Infected: 0
> Folders Infected: 0
> Files Infected: 1
> 
> Memory Processes Infected:
> (No malicious items detected)
> 
> Memory Modules Infected:
> (No malicious items detected)
> 
> Registry Keys Infected:
> (No malicious items detected)
> 
> Registry Values Infected:
> (No malicious items detected)
> 
> Registry Data Items Infected:
> (No malicious items detected)
> 
> Folders Infected:
> (No malicious items detected)
> 
> Files Infected:
> c:\documents and settings\compaq_owner\local settings\temporary internet files\Content.IE5\E9VQ9787\elxpywfuiljpymkm[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Go ahead and reboot and then do hijackthis.  

Note: I'm moving your posts and my replys to a new thread as to avoid confusion as we have 3 different users with issues in this thread.  The thread will be titled in your name.

Post the hijackthis log in the new thread i make.


----------



## mikec20311

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:50 PM, on 4/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9e3e97bc020a6) (gupdate1c9e3e97bc020a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 10529 bytes


----------



## johnb35

Rerun hijackthis and place checks next to the following entries.

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

Then click on fix checked at the bottom.

You are also running old/outdated adobe reader software and need to uninstall it and then download the latest version of adobe reader.

Go into add/remove programs in control panel and uninstall adobe reader 7.  And then go here to download the latest version.

http://get.adobe.com/reader/?promoid=BUIGO

Uncheck mcafee security scan before downloading though.


----------



## mikec20311

Just finished that john. Do you think I'm ok now? Thanks again for your help.


----------



## johnb35

I missed one. Please have hijackthis fix this entry as well.

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 

Then you are good to go.  Let me know if you have any more issues.


----------



## mikec20311

well actually I still have some kind of problem. I can hear ads or a movie on my speakers. strange stuff. I don't have anything opened. just rebooted. and then I have gotten these script errors. (no browser is open)


----------



## mikec20311

If I close the script error all the stuff on my speakers go away. very strange


----------



## mikec20311

I took a printscreen shot of it. don't know how to put it on here though


----------



## johnb35

In that case, do this.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## johnb35

mikec20311 said:


> I took a printscreen shot of it. don't know how to put it on here though



Do you have a file sharing site account like imageshack or photobucket?  You can upload it there and give me the link to it.  Or save the screen shot as jpg and attach it to your reply.


----------



## mikec20311

pic


----------



## mikec20311

here is another that just popped up and I have a warning from combofix. I don't even use AVG or didn't know it was still on here. how do I turn it off?


----------



## johnb35

Download and run AVG's removal tool 

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1184.exe

And then rerun combofix.

You will also need to disable avira realtime scanning before running combofix.


----------



## mikec20311

I have ran that avg removal tool a couple times and even rebooted. combofix is still giving me that pop up. I disable avira too. what can I do?


----------



## mikec20311

I went into my control panel add/remove programs and avg doesn't even show up. I had it on here a long time ago but it's been gone for a long time.


----------



## johnb35

Post an uninstall list using hijackthis.  Open hijackthis. click on open misc tools section, click on open uninstall manager, click on save list and save it to your desktop.  then just copy and paste it back here.


----------



## mikec20311

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 3
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Bing Bar
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CCleaner
CDDRV_Installer
Choice Guard
Chuzzle Deluxe from Compaq (remove only)
Compaq Connections (remove only)
Compaq Game Console and games
Compaq Organize
Coupon Printer for Windows
Crystal Maze from Compaq (remove only)
Customer Experience Enhancement
DivX Codec
DivX Converter
DivX Player
DivX Plus Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FATE from Compaq (remove only)
Full Tilt Poker
Google Chrome
Google Update Helper
HDDlife 3.0 Google Desktop Gadget
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Photo Creations
HP Update
HPDiagnosticAlert
Insaniquarium Deluxe from Compaq (remove only)
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Joulemeter
Junk Mail filter update
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LimeWire 5.5.13
Linksys Wireless Manager
Logitech Desktop Messenger
Logitech SetPoint
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.16)
MSA20XX Device Manager
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Network Magic
OpenOffice.org 2.0
Picasa 3
PokerStars
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Puzzle Express
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Revo Uninstaller 1.85
Ricochet Lost Worlds from Compaq (remove only)
SA30xx Device Manager
SA30xx Media Converter
Sandboxie 3.48
SBR Poker 1.0.0
SCRABBLE from Compaq (remove only)
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shooting Stars Pool from Compaq (remove only)
Shrek 2 Ogre Bowler from Compaq (remove only)
Slingo Deluxe from Compaq (remove only)
Snowboard SuperJam from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SopCast 3.0.1
SpeedFan (remove only)
SpywareBlaster 4.2
Super Granny from Compaq (remove only)
SUPERAntiSpyware Professional
Tradewinds from Compaq (remove only)
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6b
WebEx Support Manager for Internet Explorer
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe from Compaq (remove only)


----------



## johnb35

Please go into add/remove programs and uninstall the following entries.  I have a feeling this is where you are getting your script errors from as you have old versions of java installed.  

Coupon Printer for Windows
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Then reboot and go here to download the latest version of java.

http://www.java.com/en/download/ie_manual.jsp?locale=en&host=www.java.com

I'm only gonna be up for a little while longer, have to get up early in the morning for work.  I'll hang on as long as i can to help you tonight.  But may have to finish this tomorrow.


----------



## mikec20311

hey john, i'm uninstalling all that stuff now. hope you're right and that fixes it. I have to leave at 10:45 anyways for work. I'm unlucky and work 11-7 overnight shift.


----------



## johnb35

When you ran the avg removal tool, did it actually complete?  You may have to run it in safe mode.  

Ok then..  After you get done, try running combofix one more time and if it still says avg is installed.

If you can't get combofix to run, then please run the following.

Download DDS from the following location

DDS Download Link

When you click on the above link you will see be brought to a download page. Please click on the Download Now button and a download prompt similar to Figure 1 below.







Click on the Save button. You will now be presented with a screen similar to Figure 2 below asking where you would like to save the file.






Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. Your computer will now download the file to your computer and save it on your Desktop. When it is done downloading you will now find an icon on your desktop that looks like Figure 3 below.







Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so. 

Once you double-click the icon a Windows security warning may also appear asking if you are sure you would like to run the program. This warning is shown in Figure 4 below.






Click on the Run button to start DDS. If no warning appeared, as shown above, then you should just continue reading. 

DDS will now display a small black window providing information as to what DDS is doing on your computer as shown in Figure 5 below.






DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt as shown below.











You will then be shown a small box giving instructions as to what you should do with these files. Feel free to close this message box by pressing the OK button. 

We now need to save the two log files that were created. First click on the DDS.txt window and click on the File menu and then select Save As... menu option. You will now be presented with a screen similar to Figure 8 below asking where you would like to save the file.






Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. The DDS.txt log will now be saved to your Desktop. Now click on the Attach.txt Notepad window and perform the same steps to save that file to your Desktop as well.

Please copy and paste the contents of the dds.txt log and the attach.txt log in your next reply.


I will be looking for your reply tomorrow when I get home from work.


----------



## mikec20311

Thank you very much. I will get all this done. I'm off to work, then bed, and I will be back in the evening.


----------



## mikec20311

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Compaq_Owner at  2:18:37.67 on Sat 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2494.1738 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\FireFox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>] 
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} - hxxps://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\b87x09q4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\b87x09q4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\b87x09q4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.49\npGoogleUpdate2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-30 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-30 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-28 61960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-29 55152]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\binarysense\hddlife 3\hldasvc.exe [2007-8-9 816376]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
S2 gupdate1c9e3e97bc020a6;Google Update Service (gupdate1c9e3e97bc020a6);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S2 Joulemeter Service;Joulemeter Service;c:\program files\microsoft research\joulemeter\JoulemeterService.exe [2010-9-10 64816]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-1-1 724736]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-1-8 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-1-8 85696]
.
=============== Created Last 30 ================
.
2011-04-02 02:05:16	--------	d-----w-	C:\32788R22FWJFW.1.tmp
2011-04-02 01:46:00	--------	d-----w-	C:\32788R22FWJFW.0.tmp
2011-04-02 00:48:16	388096	----a-r-	c:\docume~1\compaq~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-02 00:14:19	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2011-04-02 00:14:19	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-03-31 05:18:17	--------	d-----w-	c:\windows\system32\NtmsData
2011-03-09 04:32:56	--------	d-----w-	c:\program files\SBR Poker
.
==================== Find3M  ====================
.
2011-02-09 13:53:52	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53:52	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58:35	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44:37	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02	290048	----a-w-	c:\windows\system32\atmfd.dll
.
============= FINISH:  2:20:39.96 ===============


----------



## mikec20311

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2006 2:36:24 PM
System Uptime: 4/2/2011 2:11:45 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Amberine M
Processor: AMD Sempron(tm) Processor 3500+ | Socket 939 | 1790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 85.817 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.195 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 1/1/2011 9:23:29 AM - System Checkpoint
RP189: 1/6/2011 1:21:29 AM - System Checkpoint
RP190: 1/10/2011 5:49:01 PM - System Checkpoint
RP191: 1/11/2011 3:34:30 PM - Software Distribution Service 3.0
RP192: 1/11/2011 7:15:21 PM - Installed Java(TM) 6 Update 23
RP193: 1/17/2011 6:32:05 PM - System Checkpoint
RP194: 1/19/2011 1:46:59 AM - System Checkpoint
RP195: 1/20/2011 2:41:15 AM - System Checkpoint
RP196: 1/21/2011 7:14:50 PM - System Checkpoint
RP197: 1/23/2011 8:45:15 PM - System Checkpoint
RP198: 1/26/2011 12:21:45 AM - System Checkpoint
RP199: 1/28/2011 7:33:39 AM - System Checkpoint
RP200: 1/29/2011 6:09:25 PM - System Checkpoint
RP201: 2/3/2011 6:04:26 PM - System Checkpoint
RP202: 2/5/2011 2:53:38 PM - System Checkpoint
RP203: 2/6/2011 7:44:15 PM - System Checkpoint
RP204: 2/7/2011 9:26:17 PM - System Checkpoint
RP205: 2/9/2011 7:56:31 PM - System Checkpoint
RP206: 2/10/2011 3:00:27 AM - Software Distribution Service 3.0
RP207: 2/11/2011 9:43:50 PM - System Checkpoint
RP208: 2/13/2011 6:18:38 PM - System Checkpoint
RP209: 2/14/2011 10:01:13 PM - System Checkpoint
RP210: 2/16/2011 12:38:12 AM - System Checkpoint
RP211: 2/17/2011 2:59:33 AM - System Checkpoint
RP212: 2/18/2011 9:28:12 PM - System Checkpoint
RP213: 2/22/2011 6:37:30 PM - System Checkpoint
RP214: 2/23/2011 10:48:30 PM - System Checkpoint
RP215: 2/25/2011 7:17:43 PM - System Checkpoint
RP216: 2/26/2011 8:50:51 PM - System Checkpoint
RP217: 2/28/2011 7:20:36 PM - System Checkpoint
RP218: 3/1/2011 11:27:19 PM - System Checkpoint
RP219: 3/3/2011 4:48:16 AM - System Checkpoint
RP220: 3/6/2011 9:30:11 PM - System Checkpoint
RP221: 3/8/2011 3:00:17 AM - Software Distribution Service 3.0
RP222: 3/9/2011 1:22:55 AM - Software Distribution Service 3.0
RP223: 3/12/2011 12:47:18 PM - System Checkpoint
RP224: 3/16/2011 11:02:48 AM - Software Distribution Service 3.0
RP225: 3/17/2011 10:40:04 PM - System Checkpoint
RP226: 3/22/2011 7:11:23 PM - System Checkpoint
RP227: 3/22/2011 10:41:43 PM - Software Distribution Service 3.0
RP228: 3/23/2011 3:40:10 PM - Software Distribution Service 3.0
RP229: 3/24/2011 9:58:37 PM - System Checkpoint
RP230: 3/27/2011 10:21:40 PM - System Checkpoint
RP231: 3/30/2011 6:04:55 PM - System Checkpoint
RP232: 4/1/2011 8:11:03 PM - Restore Operation
RP233: 4/1/2011 8:48:11 PM - Installed HiJackThis
RP234: 4/1/2011 9:12:44 PM - Removed Adobe Reader 7.1.0
RP235: 4/1/2011 9:25:59 PM - Installed Adobe Reader X (10.0.1).
RP236: 4/1/2011 10:26:25 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP237: 4/1/2011 10:27:16 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP238: 4/1/2011 10:28:06 PM - Removed J2SE Runtime Environment 5.0 Update 5
RP239: 4/1/2011 10:29:01 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP240: 4/1/2011 10:29:54 PM - Removed J2SE Runtime Environment 5.0 Update 9
RP241: 4/1/2011 10:30:54 PM - Removed Java(TM) 6 Update 2
RP242: 4/1/2011 10:32:02 PM - Removed Java(TM) 6 Update 20
RP243: 4/1/2011 10:33:05 PM - Removed Java(TM) 6 Update 3
RP244: 4/1/2011 10:33:57 PM - Removed Java(TM) 6 Update 5
RP245: 4/1/2011 10:34:55 PM - Removed Java(TM) 6 Update 7
RP246: 4/1/2011 10:35:51 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 3
ATI Control Panel
ATI Display Driver
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Bing Bar
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
BufferChm
CCleaner
CDDRV_Installer
Choice Guard
Chuzzle Deluxe from Compaq (remove only)
Cisco Network Magic
Compaq Connections (remove only)
Compaq Game Console and games
Compaq Organize
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from Compaq (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FATE from Compaq (remove only)
Full Tilt Poker
FullDPAppQFolder
Google Chrome
Google Update Helper
HDDlife 3.0 Google Desktop Gadget
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Photo Creations
HP Update
HPDiagnosticAlert
HpSdpAppCoreApp
Insaniquarium Deluxe from Compaq (remove only)
InstantShareDevices
InterVideo WinDVD Player
Joulemeter
Junk Mail filter update
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LightScribe  1.4.52.1
LimeWire 5.5.13
Linksys Wireless Manager
Logitech Desktop Messenger
Logitech SetPoint
magicJack
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.16)
MSA20XX Device Manager
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Network Magic
OpenOffice.org 2.0
PhotoGallery
Picasa 3
PokerStars
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Pure Networks Platform
Puzzle Express
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RealPlayer
Revo Uninstaller 1.85
Ricochet Lost Worlds from Compaq (remove only)
SA30xx Device Manager
SA30xx Media Converter
Sandboxie 3.48
SBR Poker 1.0.0
SCRABBLE from Compaq (remove only)
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shooting Stars Pool from Compaq (remove only)
Shrek 2 Ogre Bowler from Compaq (remove only)
SkinsHP1
Slingo Deluxe from Compaq (remove only)
Snowboard SuperJam from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SopCast 3.0.1
SpeedFan (remove only)
SpywareBlaster 4.2
Super Granny from Compaq (remove only)
SUPERAntiSpyware Professional
Tradewinds from Compaq (remove only)
Trillian
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6b
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe from Compaq (remove only)
.
==== Event Viewer Messages From Past Week ========
.
4/2/2011 2:09:22 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 avgio avipbb Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
4/2/2011 2:09:22 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001]  - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
4/2/2011 2:08:57 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/2/2011 2:08:50 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/1/2011 10:39:06 PM, error: Service Control Manager [7034]  - The Joulemeter Service service terminated unexpectedly.  It has done this 1 time(s).
4/1/2011 10:38:59 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2
4/1/2011 10:32:41 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
.
==== End Of File ===========================


----------



## mikec20311

Now anything I attempt to search for in a search engine gets redirected. and I have repeatedly tried to uninstall avg in normal and safe mode. no luck. The strange thing is I have ran combofix before. I had a bad virus problem like a year ago and was able to use it.


----------



## mikec20311

well i've done a lot or messing around and probably done more harm than good. now my avira has been shut down and it will not re-activate the guard. stupid I know but been in panic mode. I know for sure the thing I got was "windows repair" some rogue thing and I've searched around and it's been popular the last few days. It's really tricky too. I still don't know what the heck happened. I didn't even open anything. I know I'll never surf without the sandboxie again.


----------



## johnb35

OK, I know why Combofix is saying avg is still installed.  There is an AVG toolbar entry in your dds log. Combofix still won't run with only the toolbar installed, it don't like any avg products.  Combofix never used to be like this.  So here are your options.

1.  See if you have a directory labeled AVG in C:\program files.  If you do, you can download and run revo uninstaller.

http://www.revouninstaller.com/

Open the program and click on forced uninstall up top.  In the box that is labeled "full path to programs file or folder".  Type c:\program files\avg and then press next.  It will scan for left over files and give you the option to delete them.

2.  Reinstall AVG and then totally uninstall it again using the avg removal tool



In the mean time.  Please run the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.






If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it.  Please open the log and copy and paste it back here.


----------



## mikec20311

tried the revo uninstaller, couldn't find any avg directories. just tried reinstalling avg and uninstalling it with the tool and combofix still won't run. same message about avg. I'm now about to download and run tds


----------



## mikec20311

I'm running tds and absolutely nothing happens. When I click run it just goes away and nothing happens. I have tried several times. I tried in safe mode too.


----------



## mikec20311

did a full scan on mbam. got some stuff

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6245

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2011 1:58:35 AM
mbam-log-2011-04-03 (01-58-35).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 293448
Time elapsed: 2 hour(s), 11 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP232\A0055146.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP232\A0055156.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP231\A0054137.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.


----------



## johnb35

Are you comforatable editing the registry?  You can enter the registry and go to find and have it look for this string {A057A204-BACC-4D26-9990-79A187E2698E}, which is the avg toolbar, and delete it, then keep pressing F3 to find next instance of that string and delete it and keep going until its done searching the registry.  

Or if you want to, You can download a program called teamviewer and I can access your system and do it for you.  Just let me know.


----------



## mikec20311

hey john I will download the teamviewer. i'm on the road right now but headed home very soon. can you give me the link to get it?


----------



## johnb35

http://www.teamviewer.com/en/index.aspx

Click on where it says "start full version, its free" to download the file. and then run it.


----------



## mikec20311

just downloaded team viewer. ready to go. what's next?


----------



## mikec20311

do I just run it or install?


----------



## johnb35

install it.  And then at the end it should open and give you your id number and password.  I would need both of those to access your system.


----------



## mikec20311

I have it. Is there a way to privately give you that? Do they have pm's on this board?


----------



## johnb35

You can email your id and password.  edited out


----------



## mikec20311

just sent the email from


----------



## johnb35

Let me know if combofix finally runs.  I think it will now.


----------



## mikec20311

thanks so much. combofix is running. says it detected a rootkit and had to reboot


----------



## johnb35

Good job.  When its done, please post its log along with a fresh hijackthis log.


----------



## mikec20311

ComboFix 11-04-03.01 - Compaq_Owner 04/03/2011  20:25:23.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2494.2064 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\install
c:\restoration\Restoration.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected 
Restored copy from - Kitty had a snack  
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
.
2011-04-03 23:50 . 2011-04-03 23:50	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\TeamViewer
2011-04-03 23:50 . 2011-04-03 23:50	--------	d-----w-	c:\program files\TeamViewer
2011-04-03 05:57 . 2011-04-03 05:57	--------	d-----w-	C:\$AVG
2011-04-02 23:45 . 2011-04-02 23:45	--------	d-----w-	c:\documents and settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar
2011-04-02 23:36 . 2011-04-02 23:36	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\AVG10
2011-04-02 23:35 . 2011-04-02 23:35	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2011-04-02 22:58 . 2011-04-03 00:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2011-04-02 13:24 . 2010-03-01 14:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-02 13:24 . 2010-02-16 18:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-04-02 13:24 . 2009-05-11 16:49	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-04-02 13:24 . 2009-05-11 16:49	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-04-02 13:24 . 2011-04-02 13:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2011-04-02 12:51 . 2011-04-02 13:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2011-04-02 02:05 . 2011-04-02 02:06	--------	d-----w-	C:\32788R22FWJFW.1.tmp
2011-04-02 01:26 . 2011-04-02 01:26	--------	d-----w-	c:\program files\Common Files\Adobe
2011-04-02 01:21 . 2011-04-02 01:21	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2011-04-02 00:48 . 2011-04-02 00:48	388096	----a-r-	c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 00:14 . 2011-04-02 00:14	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-03-31 05:18 . 2011-04-02 00:13	--------	d-----w-	c:\windows\system32\NtmsData
2011-03-09 04:32 . 2011-03-30 04:53	--------	d-----w-	c:\program files\SBR Poker
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 12:00	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 12:00	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00	290048	----a-w-	c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-02 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 23:13	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwPrv"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"BITS"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate1c9e3e97bc020a6;Google Update Service (gupdate1c9e3e97bc020a6);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 9:20 PM 133104]
S2 Joulemeter Service;Joulemeter Service;c:\program files\Microsoft Research\Joulemeter\JoulemeterService.exe [9/10/2010 7:04 PM 64816]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 9:20 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [1/8/2007 1:59 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [1/8/2007 1:59 PM 85696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-04-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-03-31 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-03-23 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-04-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-09 18:11]
.
2011-04-02 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-09 19:24]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:20]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} - hxxps://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b87x09q4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 20:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
@SACL=
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
@DACL=(02 0000)
"DLLName"="c:\\program files\\common files\\logitech\\bluetooth\\LBTWlgn.dll"
"Asynchronous"=dword:00000000
"Startup"="OnStartup"
"Logon"="OnLogon"
"StartShell"="OnStartShell"
"Logoff"="OnLogoff"
"Shutdown"="OnShutdown"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(924)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\BinarySense\HDDlife 3\hldasvc.exe
c:\program files\BinarySense\HDDlife 3\hldasvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-04-03  20:37:18 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-04 00:37
ComboFix2.txt  2010-02-02 00:57
ComboFix3.txt  2010-01-28 19:57
ComboFix4.txt  2010-01-28 19:42
ComboFix5.txt  2011-04-04 00:19
.
Pre-Run: 91,809,214,464 bytes free
Post-Run: 91,700,035,584 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F905CD5EF8BFDF6DC42D808AB8C5248C


----------



## mikec20311

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:40 PM, on 4/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9e3e97bc020a6) (gupdate1c9e3e97bc020a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 9649 bytes


----------



## johnb35

That rootkit was most likely causing your redirects. However, there is some cleanup left to do.

Please rerun hijackthis and place checks next to the following entries.

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found

Then click on fix checked.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Folder::

C:\$AVG
c:\documents and settings\Compaq_Owner\Application Data\AVG10
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar

File::

C:\32788R22FWJFW.1.tmp

Reglock::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll "
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap "
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dl l.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmi n.dll"
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dl l.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll "
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivit ies"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActiv itiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicy GPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:000000 01
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGP OEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll "
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dl l.mui,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO "
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dl l"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsE x"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Applicatio n)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dl l.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll "
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivit ies"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActiv itiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
@SACL=
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy .dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
@DACL=(02 0000)
"DLLName"="c:\\program files\\common files\\logitech\\bluetooth\\LBTWlgn.dll"
"Asynchronous"=dword:00000000
"Startup"="OnStartup"
"Logon"="OnLogon"
"StartShell"="OnStartShell"
"Logoff"="OnLogoff"
"Shutdown"="OnShutdown"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEven t"
"Logoff"="UnregisterTicketExpiredNotificationEvent "
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserLis t]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Also post a fresh hijackthis log.


----------



## mikec20311

doing this now. just dropped the notepad thing into combofix. will post the log when done. (I'm using a different computer while posting on here obviously)


----------



## mikec20311

The text that you have entered is too long (216485 characters). Please shorten it to 60000 characters long. Should I email this? It's really huge or I can turn the team viewer thing on again.


----------



## mikec20311

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:15:06 PM, on 4/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9e3e97bc020a6) (gupdate1c9e3e97bc020a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 8957 bytes


----------



## johnb35

Break up the combofix log into multiple posts if you have to.  Just remember where you left off.  Just copy and paste portions of the log into 2 or 3 posts.


----------



## mikec20311

ComboFix 11-04-03.01 - Compaq_Owner 04/03/2011  21:02:39.6.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2494.2013 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"C:\32788R22FWJFW.1.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\$avg\$VAULT\V_00000001.fil
c:\$avg\$VAULT\V_00000002.fil
c:\$avg\$VAULT\V_00000003.fil
c:\$avg\$VAULT\vvfolder.idx
c:\documents and settings\Compaq_Owner\Application Data\AVG10
c:\documents and settings\Compaq_Owner\Application Data\AVG10\cfgall\usergui.cfg
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar\cache\overlay.xml
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
.
2011-04-03 23:50 . 2011-04-03 23:50	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\TeamViewer
2011-04-03 23:50 . 2011-04-03 23:50	--------	d-----w-	c:\program files\TeamViewer
2011-04-02 23:35 . 2011-04-02 23:35	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2011-04-02 22:58 . 2011-04-03 00:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2011-04-02 13:24 . 2010-03-01 14:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-02 13:24 . 2010-02-16 18:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-04-02 13:24 . 2009-05-11 16:49	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-04-02 13:24 . 2009-05-11 16:49	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-04-02 13:24 . 2011-04-02 13:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2011-04-02 12:51 . 2011-04-02 13:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2011-04-02 02:05 . 2011-04-02 02:06	--------	d-----w-	C:\32788R22FWJFW.1.tmp
2011-04-02 01:26 . 2011-04-02 01:26	--------	d-----w-	c:\program files\Common Files\Adobe
2011-04-02 01:21 . 2011-04-02 01:21	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2011-04-02 00:48 . 2011-04-02 00:48	388096	----a-r-	c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 00:14 . 2011-04-02 00:14	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-03-31 05:18 . 2011-04-02 00:13	--------	d-----w-	c:\windows\system32\NtmsData
2011-03-09 04:32 . 2011-03-30 04:53	--------	d-----w-	c:\program files\SBR Poker
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 12:00	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 12:00	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00	290048	----a-w-	c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2010-01-28_19.40.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02	51008              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2007-11-07 07:19 . 2007-11-07 07:19	54272              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19	54272              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	61760              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	53568              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	63296              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	35648              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	62976              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	62976              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	46080              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	46080              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	46592              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	46592              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	64512              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	64512              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	66048              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	66048              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	65024              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	65024              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	65024              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	65024              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	56832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	56832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	66560              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	66560              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	39936              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	39936              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	38912              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	38912              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 11:07 . 2008-07-29 11:07	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 11:07 . 2008-07-29 11:07	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2007-01-29 08:58 . 2010-11-03 13:12	46080              c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-10-28 15:07	46080              c:\windows\system32\tzchange.exe
+ 2004-08-04 12:00 . 2010-08-27 05:57	99840              c:\windows\system32\srvsvc.dll
+ 2004-08-04 12:00 . 2010-08-17 13:17	58880              c:\windows\system32\spoolsv.exe
+ 2010-12-23 09:21 . 2010-06-14 20:19	40808              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\hpvplui04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	40808              c:\windows\system32\spool\drivers\w32x86\3\hpvplui04.dll
+ 2011-01-01 14:53 . 2009-08-02 11:54	13931              c:\windows\system32\ReinstallBackups\0005\DriverFiles\RaCoInst.dat
+ 2011-01-01 14:52 . 2009-08-02 11:54	13931              c:\windows\system32\RaCoInst.dat
+ 2010-03-31 04:16 . 2010-03-31 04:16	99176              c:\windows\system32\PresentationHostProxy.dll
+ 2005-06-25 05:43 . 2011-03-13 07:09	77774              c:\windows\system32\perfc009.dat
+ 2009-11-07 05:07 . 2009-11-07 05:07	49488              c:\windows\system32\netfxperf.dll
+ 2009-11-06 02:17 . 2009-11-06 02:17	11600              c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-04 19:00 . 2009-11-27 17:11	17920              c:\windows\system32\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07	28672              c:\windows\system32\msvidc32.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	11264              c:\windows\system32\msrle32.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07	11264              c:\windows\system32\msrle32.dll
- 2004-08-04 12:00 . 2009-03-08 08:31	66560              c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	66560              c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2009-12-21 19:14	55296              c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-12-20 23:59	55296              c:\windows\system32\msfeedsbs.dll
+ 2007-06-29 05:21 . 2010-05-22 22:45	84507              c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 12:00 . 2010-12-20 23:59	43520              c:\windows\system32\licmgr10.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	25600              c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	25600              c:\windows\system32\jsproxy.dll
+ 2004-08-04 19:00 . 2009-11-27 16:07	48128              c:\windows\system32\iyuv_32.dll
+ 2004-08-04 12:00 . 2010-11-18 18:12	81920              c:\windows\system32\isign32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11	81920              c:\windows\system32\isign32.dll
+ 2004-08-04 12:00 . 2010-06-17 14:03	80384              c:\windows\system32\iccvid.dll
- 2004-08-04 12:00 . 2008-04-14 00:11	80384              c:\windows\system32\iccvid.dll
+ 2011-01-01 14:52 . 2009-08-02 11:54	13931              c:\windows\system32\DRVSTORE\rt2870_33AC29F373666AC05309F1B13B12EB181D15FED3\RaCoInst.dat
+ 2011-01-01 14:54 . 2009-05-13 19:47	25264              c:\windows\system32\DRVSTORE\purendis_2BB5C0100CC7696D211EF8B1803C647F3FC3AE04\purendis.sys
+ 2011-01-01 14:54 . 2009-05-13 19:47	23984              c:\windows\system32\DRVSTORE\pnarp_A922F7B3F866D334887D355D2A481D18B7F7B54E\pnarp.sys
+ 2010-12-23 09:21 . 2010-06-14 20:19	40808              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpvplui04.dll
+ 2010-12-23 09:23 . 2008-04-13 19:47	25856              c:\windows\system32\drivers\usbprint.sys
+ 2011-04-02 13:24 . 2009-05-11 14:12	28520              c:\windows\system32\drivers\ssmdrv.sys
+ 2011-01-01 14:54 . 2009-05-13 19:47	25264              c:\windows\system32\drivers\purendis.sys
+ 2011-01-01 14:54 . 2009-05-13 19:47	23984              c:\windows\system32\drivers\pnarp.sys
+ 2004-08-04 12:00 . 2010-11-02 15:17	40960              c:\windows\system32\drivers\ndproxy.sys
- 2009-06-29 20:47 . 2010-01-07 21:07	38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-01-31 05:50 . 2010-12-20 22:09	38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-01-30 08:52 . 2010-01-30 08:52	15944              c:\windows\system32\drivers\hitmanpro35.sys
- 2009-06-10 14:12 . 2009-12-21 19:14	12800              c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 14:12 . 2010-12-20 23:59	12800              c:\windows\system32\dllcache\xpshims.dll
+ 2010-12-16 00:34 . 2010-10-11 14:59	45568              c:\windows\system32\dllcache\wab.exe
+ 2004-08-04 12:00 . 2008-04-13 18:41	52352              c:\windows\system32\dllcache\volsnap.sys
+ 2010-12-23 09:23 . 2008-04-13 19:47	25856              c:\windows\system32\dllcache\usbprint.sys
+ 2010-08-27 05:57 . 2010-08-27 05:57	99840              c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17	58880              c:\windows\system32\dllcache\spoolsv.exe
+ 2010-12-16 00:37 . 2010-11-02 15:17	40960              c:\windows\system32\dllcache\ndproxy.sys
+ 2009-11-27 17:11 . 2009-11-27 17:11	17920              c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07	28672              c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07	11264              c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	66560              c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2009-03-08 08:31	66560              c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 21:03 . 2009-12-21 19:14	55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 21:03 . 2010-12-20 23:59	55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	43520              c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07	48128              c:\windows\system32\dllcache\iyuv_32.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12	81920              c:\windows\system32\dllcache\isign32.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30	33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2010-01-13 14:01 . 2010-01-13 14:01	86016              c:\windows\system32\dllcache\cabview.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07	84992              c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:13 . 2009-06-10 14:13	84992              c:\windows\system32\dllcache\avifil32.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37	65536              c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 12:00 . 2010-12-09 14:30	33280              c:\windows\system32\csrsrv.dll
+ 2005-06-25 05:32 . 2011-04-01 23:29	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-25 05:32 . 2010-01-25 20:13	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-24 22:25 . 2010-01-25 20:13	32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-24 22:25 . 2011-04-01 23:29	32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-04 12:00 . 2010-01-13 14:01	86016              c:\windows\system32\cabview.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07	84992              c:\windows\system32\avifil32.dll
- 2004-08-04 12:00 . 2009-06-10 14:13	84992              c:\windows\system32\avifil32.dll
+ 2004-08-04 12:00 . 2010-03-05 14:37	65536              c:\windows\system32\asycfilt.dll
- 2008-07-29 23:16 . 2008-07-29 23:16	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-09-22 13:43 . 2010-09-22 13:43	30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 19:55 . 2010-09-23 19:55	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 04:49 . 2008-05-28 04:49	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 04:49 . 2008-05-28 04:49	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 04:49 . 2008-05-28 04:49	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 05:30 . 2008-05-28 05:30	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 07:17 . 2010-09-23 07:17	24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 10:19 . 2003-02-21 10:19	24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2011-03-26 05:54 . 2011-03-26 05:54	21504              c:\windows\Installer\e48a2.msi
+ 2011-04-02 01:21 . 2011-04-02 01:21	28160              c:\windows\Installer\6aace.msi
+ 2010-12-23 09:22 . 2010-12-23 09:22	67927              c:\windows\Installer\{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}\SCLite_Icon.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	23040              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	23040              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	27136              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	27136              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	11264              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	11264              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	12288              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	12288              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-01-06 14:18 . 2010-11-11 01:11	40960              c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2010-01-06 14:18 . 2010-01-07 14:38	40960              c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2010-06-04 12:50 . 2011-03-08 08:01	49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-23 07:04 . 2010-12-23 07:04	34494              c:\windows\Installer\{77010645-5170-4FC3-90E9-9C7EE79E45E4}\_9FECA15D48BDFCD0B3AE85.exe
+ 2010-12-23 07:04 . 2010-12-23 07:04	34494              c:\windows\Installer\{77010645-5170-4FC3-90E9-9C7EE79E45E4}\_43020DF8639DB9B8B6A5CE.exe
+ 2011-03-13 03:08 . 2011-03-13 03:08	45056              c:\windows\Installer\{612F4E20-3661-4D44-AD79-823F1B613FB3}\ARPPRODUCTICON.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	17304              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	35736              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	84896              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	94608              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	49064              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	17824              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	62376              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	64928              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	63384              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	12800              c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	55296              c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	25600              c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	12800              c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	55296              c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	25600              c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	12800              c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	66560              c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	55296              c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	43520              c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	25600              c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	12800              c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	66560              c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	55296              c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	43520              c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	25600              c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2010-10-14 06:50 . 2010-06-24 12:22	12800              c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-14 06:50 . 2009-03-08 08:31	66560              c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	55296              c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-14 06:50 . 2009-03-08 08:34	43008              c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	25600              c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	12800              c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	55296              c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	25600              c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2009-03-27 21:27 . 2009-11-27 17:11	17920              c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07	48128              c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ec4b4c69\System.Drawing.Design.dll
+ 2010-10-07 22:59 . 2010-10-07 22:59	61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6092b0d8\CustomMarshalers.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	47616              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\012fcd2b394fc97b5668a0d5fa54f95b\WindowsLiveWriter.ni.exe
+ 2010-08-14 04:02 . 2010-08-14 04:02	99840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7914153c47d04a7886ad77ad90ac3850\WindowsLive.Writer.Api.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-16 16:05 . 2010-08-16 16:05	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-08-15 06:50 . 2010-08-15 06:50	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-15 06:50 . 2010-08-15 06:50	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-13 07:20 . 2010-08-13 07:20	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-13 07:19 . 2010-08-13 07:19	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	15872              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-14 04:01 . 2010-08-14 04:01	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-10 03:11 . 2010-06-10 03:11	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-06-29 20:10 . 2009-06-29 20:10	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-07 22:59 . 2010-10-07 22:59	81920              c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-13 07:01 . 2008-04-14 00:11	80384              c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-05-26 20:20 . 2010-01-23 08:11	46080              c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 20:20 . 2010-04-22 22:21	16896              c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-10 03:12 . 2008-04-14 00:11	65024              c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-04-15 03:35 . 2008-04-14 00:11	84480              c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-02-24 13:59 . 2009-10-28 15:07	46080              c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 13:59 . 2010-01-23 10:40	16896              c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-10 14:26 . 2008-04-14 00:11	32256              c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-02-10 14:25 . 2004-08-04 12:00	25600              c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-02-10 14:25 . 2008-04-14 00:12	11264              c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-02-10 14:25 . 2008-04-14 00:11	47616              c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-02-10 14:25 . 2009-06-10 14:13	84992              c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2010-02-10 14:25 . 2008-04-14 00:12	16896              c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2011-02-10 08:02 . 2009-12-14 07:08	33280              c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2010-12-16 02:50 . 2010-06-21 14:46	46080              c:\windows\$NtUninstallKB2443685$\tzchange.exe
+ 2010-12-16 02:50 . 2010-11-05 05:57	16896              c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
+ 2010-12-16 02:51 . 2008-04-14 00:11	81920              c:\windows\$NtUninstallKB2443105$\isign32.dll
+ 2010-12-16 02:50 . 2008-04-13 18:57	40576              c:\windows\$NtUninstallKB2440591$\ndproxy.sys
+ 2010-12-16 02:46 . 2008-04-14 00:12	46080              c:\windows\$NtUninstallKB2423089$\wab.exe
+ 2010-09-15 19:12 . 2008-04-14 00:12	57856              c:\windows\$NtUninstallKB2347290$\spoolsv.exe
+ 2010-10-14 06:51 . 2008-04-14 00:12	96768              c:\windows\$NtUninstallKB2345886$\srvsvc.dll
+ 2010-09-29 12:32 . 2010-04-21 13:28	46080              c:\windows\$NtUninstallKB2158563$\tzchange.exe
+ 2010-09-29 12:32 . 2010-06-23 00:54	16896              c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB982802\update\spcustom.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB982802\spmsg.dll
+ 2010-08-13 07:01 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-08-13 07:01 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:02 . 2010-06-17 14:02	80384              c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-06-10 03:15 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2010-06-10 03:15 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	12800              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	55296              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	25600              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2010-08-13 07:17 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-08-13 07:17 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-10-14 06:51 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB982132\update\spcustom.dll
+ 2010-10-14 06:51 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB982132\spmsg.dll
+ 2010-08-13 07:02 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-08-13 07:02 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-10-14 06:47 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB981957\update\spcustom.dll
+ 2010-10-14 06:47 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB981957\spmsg.dll
+ 2010-08-13 07:11 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-08-13 01:13 . 2010-06-18 06:28	16896              c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-08-13 07:11 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll
+ 2010-09-15 19:11 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2010-09-15 19:11 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2010-08-13 07:05 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-08-13 07:05 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-04-15 03:39 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-15 03:39 . 2009-05-26 09:01	17272              c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-06-10 03:20 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-10 03:20 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-10 03:18 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-10 03:18 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-03-31 12:19 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980182-IE8\update\spcustom.dll
+ 2010-03-31 12:19 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB980182-IE8\spmsg.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	12800              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\xpshims.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	55296              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeedsbs.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	25600              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\jsproxy.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB979687\update\spcustom.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	17272              c:\windows\$hf_mig$\KB979687\spmsg.dll
+ 2010-04-15 03:39 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-15 03:16 . 2010-03-05 14:54	16896              c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-15 03:39 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-06-10 03:16 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-10 03:16 . 2009-05-26 09:01	17272              c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-10 03:12 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-10 03:12 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:52 . 2010-03-05 14:52	65536              c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-04-15 03:35 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-15 03:35 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48	86016              c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-02-10 14:37 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978706\update\spcustom.dll
+ 2010-02-10 14:37 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB978706\spmsg.dll
+ 2010-04-15 03:35 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-15 03:35 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-12 15:57 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 15:57 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-02-10 14:29 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978262\update\spcustom.dll
+ 2010-02-10 14:29 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB978262\spmsg.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978251\update\spcustom.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB978251\spmsg.dll


----------



## mikec20311

+ 2010-02-10 14:26 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10	33280              c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	28672              c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	11264              c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	48128              c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	84992              c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-02-10 14:24 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB977165\update\spcustom.dll
+ 2010-02-10 14:24 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB977165\spmsg.dll
+ 2010-02-24 14:00 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-24 14:00 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-06-10 03:12 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-10 03:12 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-03-10 19:24 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-03-10 19:24 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23	17920              c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2010-02-10 14:28 . 2008-07-08 13:02	26488              c:\windows\$hf_mig$\KB971468\update\spcustom.dll
+ 2010-02-10 14:28 . 2008-07-08 13:02	17272              c:\windows\$hf_mig$\KB971468\spmsg.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	12800              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	66560              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	55296              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	43520              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	25600              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-10 08:09 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-10 08:09 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29	33280              c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-16 02:51 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-16 02:51 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12	81920              c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-16 00:37 . 2010-11-03 05:55	40960              c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-16 02:50 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-16 02:46 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-16 02:46 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-16 00:34 . 2010-10-11 14:55	45568              c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-01-11 20:35 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-11 20:35 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	12800              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	66560              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	55296              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	43520              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	25600              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	26488              c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-10 07:47 . 2010-12-09 15:15	16896              c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	17272              c:\windows\$hf_mig$\KB2393802\spmsg.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2387149\spmsg.dll
+ 2010-10-14 06:45 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
+ 2010-10-14 06:45 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB2360131-IE8\update\spcustom.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	17272              c:\windows\$hf_mig$\KB2360131-IE8\spmsg.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	12800              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\xpshims.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	66560              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtmled.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	55296              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeedsbs.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	43520              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\licmgr10.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	25600              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\jsproxy.dll
+ 2010-09-15 19:12 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-09-15 19:12 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19	58880              c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-10-14 06:51 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05	99840              c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-12-16 02:51 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-16 02:51 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2010-08-03 05:03 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-03 05:03 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2279986\spmsg.dll
+ 2010-09-15 19:13 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-09-15 19:13 . 2009-05-26 09:01	17272              c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-07-14 20:57 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-14 20:57 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-13 07:06 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB2183461-IE8\update\spcustom.dll
+ 2010-08-13 07:06 . 2009-05-26 09:01	17272              c:\windows\$hf_mig$\KB2183461-IE8\spmsg.dll
+ 2010-08-13 01:13 . 2010-06-24 12:24	12800              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\xpshims.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	55296              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\msfeedsbs.dll
+ 2010-08-13 01:13 . 2010-06-24 12:24	25600              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\jsproxy.dll
+ 2010-08-13 07:06 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
+ 2010-08-13 07:06 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2160329\spmsg.dll
+ 2010-09-15 19:05 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
+ 2010-09-15 19:05 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2141007\spmsg.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	26488              c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	17272              c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-08-13 07:16 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-08-13 07:16 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-08-13 07:11 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-08-13 07:11 . 2009-05-26 11:40	17272              c:\windows\$hf_mig$\KB2079403\spmsg.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-17 00:31 . 2010-08-26 12:52	5120              c:\windows\system32\xpsp4res.dll
+ 2004-08-04 19:00 . 2009-11-27 16:07	8704              c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07	8704              c:\windows\system32\dllcache\tsbyuv.dll
- 2005-12-02 23:27 . 2010-01-13 14:11	4096              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	4096              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-11-27 16:07 . 2009-11-27 16:07	8704              c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-15 05:50 . 2009-10-15 05:50	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-15 19:12 . 2008-05-03 11:55	2560              c:\windows\$NtUninstallKB982802$\xpsp4res.dll
+ 2010-02-10 14:25 . 2004-08-04 19:00	8192              c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2010-10-14 06:45 . 2010-07-22 05:57	5120              c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-14 06:51 . 2010-08-13 12:53	5120              c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-22 05:57 . 2010-07-22 05:57	5120              c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53	5120              c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	8704              c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2010-10-14 06:04 . 2010-08-13 12:53	5120              c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52	5120              c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	653120              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	569664              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05	225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	161784              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	161784              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2004-08-04 12:00 . 2009-12-24 06:59	177664              c:\windows\system32\wintrust.dll
+ 2004-08-04 12:00 . 2010-06-18 17:45	293376              c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	293376              c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	916480              c:\windows\system32\wininet.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	916480              c:\windows\system32\wininet.dll
+ 2004-08-04 12:00 . 2010-03-10 06:15	420352              c:\windows\system32\vbscript.dll
- 2004-08-04 12:00 . 2009-03-08 08:33	420352              c:\windows\system32\vbscript.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	406016              c:\windows\system32\usp10.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36	406016              c:\windows\system32\usp10.dll
- 2004-08-04 12:00 . 2009-10-15 16:28	119808              c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2010-08-27 08:02	119808              c:\windows\system32\t2embed.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	761344              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\unires.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	740864              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\unidrvui.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	372736              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\unidrv.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	220520              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\hpvplres04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	442728              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\hpvpldrv04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	264552              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\hpinksts8911LM.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	232296              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\hpinksts8911.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	257896              c:\windows\system32\spool\drivers\w32x86\hpdeskjet_1050_j410_0ee2\hpfime50.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	220520              c:\windows\system32\spool\drivers\w32x86\3\hpvplres04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	442728              c:\windows\system32\spool\drivers\w32x86\3\hpvpldrv04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	264552              c:\windows\system32\spool\drivers\w32x86\3\hpinksts8911LM.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	232296              c:\windows\system32\spool\drivers\w32x86\3\hpinksts8911.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	257896              c:\windows\system32\spool\drivers\w32x86\3\hpfime50.dll
+ 2004-08-04 12:00 . 2009-07-27 23:17	135168              c:\windows\system32\shsvcs.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	135168              c:\windows\system32\shsvcs.dll
+ 2004-08-04 12:00 . 2009-12-08 09:23	474112              c:\windows\system32\shlwapi.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	474112              c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2010-06-30 12:31	149504              c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2010-08-16 08:45	590848              c:\windows\system32\rpcrt4.dll
+ 2011-01-01 14:53 . 2009-08-02 11:57	724736              c:\windows\system32\ReinstallBackups\0005\DriverFiles\rt2870.sys
+ 2011-01-01 14:53 . 2009-08-02 11:54	221184              c:\windows\system32\ReinstallBackups\0005\DriverFiles\RaCoInst.dll
+ 2011-01-01 14:52 . 2009-08-02 11:54	221184              c:\windows\system32\RaCoInst.dll
+ 2010-03-31 04:10 . 2010-03-31 04:10	295264              c:\windows\system32\PresentationHost.exe
+ 2005-06-25 05:43 . 2011-03-13 07:09	458614              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-11-09 14:52	249856              c:\windows\system32\odbc32.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	249856              c:\windows\system32\odbc32.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	206848              c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	206848              c:\windows\system32\occache.dll
+ 2004-08-04 19:00 . 2010-12-09 15:15	718336              c:\windows\system32\ntdll.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	611840              c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2009-03-08 08:32	611840              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-12-16 18:43	343040              c:\windows\system32\mspaint.exe
- 2004-08-04 12:00 . 2008-04-14 00:12	343040              c:\windows\system32\mspaint.exe
+ 2006-11-08 02:03 . 2010-12-20 23:59	602112              c:\windows\system32\msfeeds.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	297808              c:\windows\system32\mscoree.dll
+ 2010-01-29 22:07 . 2010-02-24 14:16	181632              c:\windows\system32\MpSigStub.exe
+ 2006-10-19 01:47 . 2010-03-30 16:24	317440              c:\windows\system32\mp4sdecd.dll
- 2006-10-19 01:47 . 2006-10-19 01:47	317440              c:\windows\system32\MP4SDECD.dll
+ 2004-08-04 12:00 . 2010-09-18 16:23	974848              c:\windows\system32\mfc42u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53	974848              c:\windows\system32\mfc42.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53	953856              c:\windows\system32\mfc40u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53	954368              c:\windows\system32\mfc40.dll
+ 2011-03-25 06:22 . 2011-03-25 06:22	235168              c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58	256280              c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
- 2004-08-04 12:00 . 2009-06-25 08:25	730112              c:\windows\system32\lsasrv.dll
+ 2004-08-04 12:00 . 2010-12-20 17:26	730112              c:\windows\system32\lsasrv.dll
- 2004-08-04 12:00 . 2009-06-25 08:25	301568              c:\windows\system32\kerberos.dll
+ 2004-08-04 12:00 . 2010-12-22 12:34	301568              c:\windows\system32\kerberos.dll
+ 2004-08-04 12:00 . 2009-12-09 05:53	726528              c:\windows\system32\jscript.dll
- 2004-08-04 12:00 . 2009-06-22 06:44	726528              c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2010-06-09 07:43	692736              c:\windows\system32\inetcomm.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	184320              c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	184320              c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	387584              c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	387584              c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-12-20 12:55	173568              c:\windows\system32\ie4uinit.exe
+ 2010-12-23 09:21 . 2010-06-14 20:19	264552              c:\windows\system32\hpinksts8911LM.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	232296              c:\windows\system32\hpinksts8911.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	213352              c:\windows\system32\hpinkcoi8911.dll
+ 2005-06-25 05:42 . 2011-02-10 08:58	201736              c:\windows\system32\FNTCACHE.DAT
+ 2011-01-01 14:52 . 2009-08-02 11:57	724736              c:\windows\system32\DRVSTORE\rt2870_33AC29F373666AC05309F1B13B12EB181D15FED3\rt2870.sys
+ 2011-01-01 14:52 . 2009-08-02 11:54	221184              c:\windows\system32\DRVSTORE\rt2870_33AC29F373666AC05309F1B13B12EB181D15FED3\RaCoInst.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	761344              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\unires.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	740864              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\unidrvui.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	372736              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\unidrv.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	220520              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpvplres04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	442728              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpvpldrv04.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	264552              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpinksts8911LM.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	232296              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpinksts8911.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	213352              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpinkcoi8911.dll
+ 2010-12-23 09:21 . 2010-06-14 20:19	257896              c:\windows\system32\DRVSTORE\hpvpl04_140AACF33B2137611B3A406D31D2A25EB7F6ADA5\i386\hpfime50.dll
+ 2004-08-04 12:00 . 2010-02-11 12:02	226880              c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 12:00 . 2010-08-26 13:39	357248              c:\windows\system32\drivers\srv.sys
+ 2011-01-01 14:52 . 2009-08-02 11:57	724736              c:\windows\system32\drivers\rt2870.sys
+ 2004-08-04 12:00 . 2010-02-24 13:11	455680              c:\windows\system32\drivers\mrxsmb.sys
+ 2009-04-17 00:31 . 2010-07-12 12:55	218112              c:\windows\system32\dllcache\wordpad.exe
+ 2009-12-24 06:59 . 2009-12-24 06:59	177664              c:\windows\system32\dllcache\wintrust.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45	293376              c:\windows\system32\dllcache\winsrv.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	916480              c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	916480              c:\windows\system32\dllcache\wininet.dll
- 2008-05-09 10:53 . 2009-03-08 08:33	420352              c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53 . 2010-03-10 06:15	420352              c:\windows\system32\dllcache\vbscript.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36	406016              c:\windows\system32\dllcache\usp10.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02	226880              c:\windows\system32\dllcache\tcpip6.sys
- 2009-06-16 14:36 . 2009-10-15 16:28	119808              c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02	119808              c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 22:03 . 2010-08-26 13:39	357248              c:\windows\system32\dllcache\srv.sys
+ 2009-07-27 23:17 . 2009-07-27 23:17	135168              c:\windows\system32\dllcache\shsvcs.dll
- 2009-01-07 22:20 . 2009-01-07 22:20	474112              c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-07 22:20 . 2009-12-08 09:23	474112              c:\windows\system32\dllcache\shlwapi.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44	439296              c:\windows\system32\dllcache\shimgvw.dll
+ 2008-12-05 06:54 . 2010-06-30 12:31	149504              c:\windows\system32\dllcache\schannel.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53	270848              c:\windows\system32\dllcache\sbe.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45	590848              c:\windows\system32\dllcache\rpcrt4.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52	249856              c:\windows\system32\dllcache\odbc32.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	206848              c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	206848              c:\windows\system32\dllcache\occache.dll
+ 2009-04-17 00:47 . 2010-12-09 15:15	718336              c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	611840              c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2009-03-08 08:32	611840              c:\windows\system32\dllcache\mstime.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43	343040              c:\windows\system32\dllcache\mspaint.exe
+ 2010-11-09 14:52 . 2010-11-09 14:52	102400              c:\windows\system32\dllcache\msjro.dll
+ 2007-05-09 21:03 . 2010-12-20 23:59	602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52	200704              c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52	180224              c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52	536576              c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52	143360              c:\windows\system32\dllcache\msadco.dll
+ 2008-11-12 14:52 . 2010-02-24 13:11	455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-03-30 16:24 . 2010-03-30 16:24	317440              c:\windows\system32\dllcache\mp4sdecd.dll
+ 2004-08-04 12:00 . 2010-09-18 16:23	974848              c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-14 06:09 . 2010-09-18 06:53	974848              c:\windows\system32\dllcache\mfc42.dll
+ 2010-10-14 06:09 . 2010-09-18 06:53	953856              c:\windows\system32\dllcache\mfc40u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53	954368              c:\windows\system32\dllcache\mfc40.dll
- 2009-04-17 00:47 . 2009-06-25 08:25	730112              c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-17 00:47 . 2010-12-20 17:26	730112              c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57	677888              c:\windows\system32\dllcache\lhmstsc.exe
- 2009-06-25 08:25 . 2009-06-25 08:25	301568              c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34	301568              c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53	726528              c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-06-22 06:44	726528              c:\windows\system32\dllcache\jscript.dll
+ 2008-09-27 01:11 . 2010-06-09 07:43	692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-10 14:12 . 2010-12-20 23:59	247808              c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	184320              c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	184320              c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 02:31 . 2010-12-20 23:59	743424              c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 12:00 . 2009-12-21 19:14	387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-12-20 12:55	173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-07-14 15:43 . 2010-06-14 14:31	744448              c:\windows\system32\dllcache\helpsvc.exe
+ 2011-02-09 13:53 . 2011-02-09 13:53	186880              c:\windows\system32\dllcache\encdec.dll
+ 2004-08-04 19:00 . 2008-04-14 00:11	640000              c:\windows\system32\dllcache\dbghelp.dll
+ 2010-10-14 06:08 . 2010-08-23 16:12	617472              c:\windows\system32\dllcache\comctl32.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09	290048              c:\windows\system32\dllcache\atmfd.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33	100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-05-11 23:26 . 2010-11-12 23:53	472808              c:\windows\system32\deployJava1.dll
+ 2004-08-04 12:00 . 2010-08-23 16:12	617472              c:\windows\system32\comctl32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11	617472              c:\windows\system32\comctl32.dll
+ 2004-08-04 12:00 . 2010-02-12 04:33	100864              c:\windows\system32\6to4svc.dll
- 2004-08-04 12:00 . 2008-04-14 00:12	744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2004-08-04 12:00 . 2010-06-14 14:31	744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-31 04:16 . 2010-03-31 04:16	130408              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 23:16 . 2008-07-29 23:16	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-09-22 13:43 . 2010-09-22 13:43	435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 15:17 . 2008-07-25 15:17	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 03:51 . 2009-08-08 03:51	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2008-05-28 04:49 . 2008-05-28 04:49	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 04:48 . 2008-05-28 04:48	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 05:30 . 2008-05-28 05:30	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-04-19 03:17 . 2010-08-17 20:34	780256              c:\windows\Installer\SandboxieInstall32.exe
+ 2010-02-02 02:05 . 2010-02-02 02:04	642571              c:\windows\Installer\SandboxieInstall.exe
+ 2010-01-29 21:51 . 2010-01-29 21:51	301056              c:\windows\Installer\d200e8.msi
+ 2010-12-23 07:04 . 2010-12-23 07:04	647680              c:\windows\Installer\874681.msi
+ 2010-11-12 16:08 . 2010-11-12 16:08	889344              c:\windows\Installer\7db484.msp
+ 2011-03-13 03:08 . 2011-03-13 03:08	953344              c:\windows\Installer\22d82ab.msi
+ 2010-12-23 09:23 . 2010-12-23 09:23	165888              c:\windows\Installer\1dc34c.msi
+ 2010-12-23 09:22 . 2010-12-23 09:22	231936              c:\windows\Installer\1dc335.msi
+ 2010-12-23 09:22 . 2010-12-23 09:22	117248              c:\windows\Installer\1dc32f.msi
+ 2010-09-24 01:02 . 2010-09-24 01:02	798208              c:\windows\Installer\19dc37f.msp
+ 2010-02-25 04:14 . 2010-02-25 04:14	543232              c:\windows\Installer\1335a7d.msp
+ 2011-02-05 23:03 . 2011-02-05 23:03	361984              c:\windows\Installer\11b1939.msi
+ 2010-06-07 19:23 . 2010-06-07 19:23	219648              c:\windows\Installer\119b063.msi
+ 2011-03-23 02:42 . 2011-03-23 02:42	988160              c:\windows\Installer\1082ab6.msi
+ 2011-01-01 14:56 . 2011-01-01 14:56	472112              c:\windows\Installer\{9576C428-7258-4B59-961C-439925E6AF8F}\NmApp.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	409600              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	409600              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	286720              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	286720              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	249856              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	249856              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	794624              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	794624              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-12-02 23:27 . 2011-03-09 06:23	135168              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-12-02 23:27 . 2010-01-13 14:11	135168              c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-01-06 14:18 . 2010-11-11 01:11	135168              c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-01-06 14:18 . 2010-01-07 14:38	135168              c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-03-13 03:08 . 2011-03-13 03:08	102400              c:\windows\Installer\{612F4E20-3661-4D44-AD79-823F1B613FB3}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	390552              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	101288              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	135568              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	681872              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	104344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	702352              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	294808              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	205720              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	916480              c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-10 03:15 . 2010-02-22 14:23	382840              c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-10 03:15 . 2008-07-08 13:02	231288              c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-10 03:15 . 2010-02-25 06:24	206848              c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	611840              c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	594432              c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	247808              c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	184320              c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-10 03:15 . 2009-03-08 08:35	742912              c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	387584              c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-10 03:15 . 2010-02-24 09:54	173056              c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-04-15 03:35 . 2009-03-08 08:33	420352              c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	382840              c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	231288              c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-03-31 12:18 . 2009-12-21 19:14	916480              c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-03-31 12:18 . 2009-05-26 11:40	382840              c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-03-31 12:18 . 2009-05-26 11:40	231288              c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-03-31 12:18 . 2009-12-21 19:14	206848              c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-03-31 12:18 . 2009-03-08 08:32	611840              c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	594432              c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	246272              c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	184320              c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	387584              c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-03-31 12:18 . 2009-12-21 13:19	173056              c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-02-24 14:00 . 2008-07-08 13:02	382840              c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 14:00 . 2008-07-08 13:02	231288              c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 14:00 . 2009-06-22 06:44	726528              c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	916480              c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 08:03 . 2010-07-05 13:16	382840              c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15	231288              c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 08:03 . 2010-11-06 00:26	206848              c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	611840              c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	602112              c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	247808              c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	184320              c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	743424              c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	387584              c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 08:03 . 2010-11-03 12:26	173568              c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-16 02:50 . 2010-09-10 05:58	916480              c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-16 02:50 . 2010-07-05 13:16	382840              c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	231288              c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-16 02:50 . 2010-09-10 05:58	206848              c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	611840              c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	602112              c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	247808              c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	184320              c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	743424              c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	387584              c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-16 02:50 . 2010-08-26 12:22	173056              c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2010-10-14 06:50 . 2010-06-24 12:22	916480              c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-14 06:50 . 2010-07-05 13:16	382840              c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	231288              c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-14 06:50 . 2010-06-24 12:22	206848              c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-14 06:50 . 2010-06-24 12:22	611840              c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	599040              c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	247808              c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	184320              c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	743424              c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	387584              c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-14 06:50 . 2010-06-23 12:08	173056              c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-08-13 07:06 . 2010-05-06 10:41	916480              c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-13 07:06 . 2010-02-22 14:23	382840              c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-13 07:06 . 2009-05-26 09:01	231288              c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-13 07:06 . 2010-05-06 10:41	206848              c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	611840              c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	599040              c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	247808              c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	184320              c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	743424              c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	387584              c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-13 07:06 . 2010-05-05 13:30	173056              c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2008-11-12 14:52 . 2010-02-24 13:11	455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-10-07 23:00 . 2010-10-07 23:00	835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ad3c1ec2\System.Drawing.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	192512              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6b6913cb\System.Drawing.Design.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	118784              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5baeb269\CustomMarshalers.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-10-07 23:20 . 2010-10-07 23:20	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\cc98a0bb34f05eb3bc30429130b7ba6f\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	174080              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe895ce852d99bcc39200e22f50c475f\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	594944              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccdaee504d3494430b0751dea03acb7b\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	313856              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	843776              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bd7412fc4fd8cdb411afff2e1b938b66\WindowsLive.Writer.Controls.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	428032              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bd374d74bc8f061465a827ebf0766f23\WindowsLive.Writer.Localization.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	319488              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a812032c19d8117ddd79811f36893725\WindowsLive.Writer.Interop.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	152064              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a52489428fbe6cbaf074de2e3e547076\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	119296              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\983055bf880fe42374dc7b9e7dd0757f\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	334848              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8defb545280c0d18edfa3eb1907f9eba\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	117760              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\80201d1a0ecc1382ad4d1612efa3289d\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	322048              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\55bb68b6e840919ce77d5d6ada83a19a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	108544              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5119a460e8e11d670280e1fa289ca6eb\WindowsLive.Writer.Passport.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	851968              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\510eaad39eb70b9144379f5320ba2ef4\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	118784              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\14ae295340c872bf294629b730f82b79\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\07997441f1b95fe5717b8314e487173a\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	145920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\62ccd318c5daf8720bfb5fcbf272bc3d\WindowsLive.Client.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-16 16:05 . 2010-08-16 16:05	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	771584              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-14 04:01 . 2010-08-14 04:01	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-14 04:01 . 2010-08-14 04:01	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-10-07 23:21 . 2010-10-07 23:21	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-08-16 16:03 . 2010-08-16 16:03	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-15 06:50 . 2010-08-15 06:50	633856              c:\windows\assembly


----------



## mikec20311

\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-14 04:03 . 2010-08-14 04:03	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-08-13 07:20 . 2010-08-13 07:20	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-13 07:20 . 2010-08-13 07:20	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-13 07:20 . 2010-08-13 07:20	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-13 07:20 . 2010-08-13 07:20	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-14 04:03 . 2010-08-14 04:03	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-10-07 23:17 . 2010-10-07 23:17	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 03:11 . 2010-06-10 03:11	970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 03:11 . 2010-06-10 03:11	438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-06-29 20:10 . 2009-06-29 20:10	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-10 03:11 . 2010-06-10 03:11	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
+ 2010-09-15 19:12 . 2009-04-15 14:51	585216              c:\windows\$NtUninstallKB982802$\rpcrt4.dll
+ 2010-08-13 07:01 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-08-13 07:01 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-08-13 07:17 . 2009-12-31 16:50	353792              c:\windows\$NtUninstallKB982214$\srv.sys
+ 2010-08-13 07:17 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-08-13 07:17 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-10-14 06:51 . 2009-10-15 16:28	119808              c:\windows\$NtUninstallKB982132$\t2embed.dll
+ 2010-10-14 06:51 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
+ 2010-10-14 06:51 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
+ 2010-08-13 07:02 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-08-13 07:02 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-10-14 06:47 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll
+ 2010-10-14 06:47 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
+ 2010-08-13 07:11 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-08-13 07:11 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-05-26 20:20 . 2009-05-26 09:01	382840              c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 20:20 . 2009-05-26 09:01	231288              c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-09-15 19:11 . 2008-04-14 00:12	406016              c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-09-15 19:11 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-09-15 19:11 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-08-13 07:05 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-08-13 07:05 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-08-13 07:05 . 2009-06-25 08:25	147456              c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-04-15 03:39 . 2009-05-26 09:01	382840              c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-15 03:39 . 2009-05-26 09:01	231288              c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-15 03:39 . 2009-12-04 18:22	455424              c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-10 03:20 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-10 03:20 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-10 03:20 . 2008-04-14 00:09	285696              c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-10 03:18 . 2008-07-08 13:02	382840              c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-10 03:18 . 2008-07-08 13:02	231288              c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-10-14 06:50 . 2008-04-21 12:08	215552              c:\windows\$NtUninstallKB979687$\wordpad.exe
+ 2010-10-14 06:50 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	231288              c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
+ 2010-04-15 03:39 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-15 03:39 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-10 03:16 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-10 03:16 . 2009-05-26 09:01	231288              c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-10 03:12 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-10 03:12 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-04-15 03:35 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-15 03:35 . 2008-07-08 13:02	231288              c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-02-24 13:59 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 13:59 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-10 14:37 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll
+ 2010-02-10 14:37 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
+ 2010-02-10 14:37 . 2008-04-14 00:12	343040              c:\windows\$NtUninstallKB978706$\mspaint.exe
+ 2010-06-10 03:12 . 2007-07-28 03:11	382840              c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-10 03:12 . 2007-07-28 03:11	231288              c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-04-15 03:35 . 2008-04-14 00:12	176640              c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-15 03:35 . 2008-07-08 13:02	231288              c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-12 15:57 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 15:57 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 15:57 . 2008-04-11 19:04	691712              c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-15 03:36 . 2008-06-20 11:08	225856              c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-15 03:36 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-15 03:36 . 2008-04-14 00:11	100352              c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-02-10 14:29 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-02-10 14:29 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
+ 2010-02-10 14:25 . 2008-10-24 11:21	455296              c:\windows\$NtUninstallKB978251$\mrxsmb.sys
+ 2010-02-10 14:26 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-04-15 03:36 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-02-10 14:24 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll
+ 2010-02-10 14:24 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
+ 2010-02-10 14:26 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-02-10 14:26 . 2008-04-14 00:12	474112              c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-06-10 03:12 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-10 03:12 . 2008-07-08 13:02	231288              c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-03-10 19:24 . 2009-05-26 22:10	382840              c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-03-10 19:24 . 2008-07-08 13:02	231288              c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2010-09-15 19:13 . 2007-07-28 03:11	382840              c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-09-15 19:13 . 2007-07-28 03:11	231288              c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-09-15 19:13 . 2006-10-19 01:47	317440              c:\windows\$NtUninstallKB975558_WM8$\mp4sdecd.dll
+ 2010-02-10 14:28 . 2008-12-11 10:57	333952              c:\windows\$NtUninstallKB971468$\srv.sys
+ 2010-02-10 14:28 . 2008-07-08 13:02	382840              c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll
+ 2010-02-10 14:28 . 2008-07-08 13:02	231288              c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
+ 2011-02-10 08:08 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 08:08 . 2010-10-28 13:13	290048              c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 08:08 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 08:08 . 2008-04-14 00:12	438272              c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-02-10 08:08 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 08:09 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 08:09 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 08:09 . 2009-06-25 08:25	301568              c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 08:02 . 2009-06-25 08:25	730112              c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2010-12-16 02:50 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-16 02:51 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-16 02:51 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-16 02:46 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-16 02:46 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2011-01-11 20:35 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-11 20:35 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-11 20:35 . 2008-04-14 00:12	249856              c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-11 20:35 . 2008-04-14 00:12	102400              c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-11 20:35 . 2008-04-14 00:11	200704              c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-11 20:35 . 2008-04-14 00:11	180224              c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-11 20:35 . 2008-04-14 00:11	536576              c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-11 20:35 . 2008-04-14 00:11	143360              c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	231288              c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 08:02 . 2009-02-09 12:10	714752              c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
+ 2010-10-14 06:51 . 2006-10-14 08:13	981760              c:\windows\$NtUninstallKB2387149$\mfc42u.dll
+ 2010-10-14 06:51 . 2008-04-14 00:11	927504              c:\windows\$NtUninstallKB2387149$\mfc40u.dll
+ 2010-10-14 06:51 . 2004-08-04 12:00	924432              c:\windows\$NtUninstallKB2387149$\mfc40.dll
+ 2010-10-14 06:51 . 2007-07-28 03:11	382840              c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
+ 2010-10-14 06:51 . 2007-07-28 03:11	231288              c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2010-10-14 06:45 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
+ 2010-10-14 06:45 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
+ 2010-10-14 06:45 . 2010-07-22 15:49	590848              c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
+ 2010-09-15 19:12 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-09-15 19:12 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-14 06:51 . 2010-06-21 15:27	354304              c:\windows\$NtUninstallKB2345886$\srv.sys
+ 2010-10-14 06:51 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
+ 2010-12-16 02:51 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-16 02:51 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-16 02:51 . 2010-09-01 11:51	285824              c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2010-10-14 06:51 . 2009-05-26 09:01	382840              c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
+ 2010-10-14 06:51 . 2009-05-26 09:01	231288              c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
+ 2010-10-14 06:51 . 2008-04-14 00:11	617472              c:\windows\$NtUninstallKB2296011$\comctl32.dll
+ 2010-08-03 05:03 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-03 05:03 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-10-14 06:51 . 2010-07-05 13:16	382840              c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
+ 2010-10-14 06:51 . 2010-04-20 05:30	285696              c:\windows\$NtUninstallKB2279986$\atmfd.dll
+ 2010-09-15 19:13 . 2009-05-26 09:01	382840              c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-09-15 19:13 . 2009-05-26 09:01	231288              c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-14 20:57 . 2010-02-22 23:53	382840              c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-14 20:57 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-14 20:57 . 2008-04-14 00:12	744448              c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-13 07:06 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
+ 2010-08-13 07:06 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
+ 2010-09-29 12:32 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-09-29 12:32 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-09-15 19:05 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-09-15 19:05 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-09-15 19:05 . 2010-01-29 15:01	691712              c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-09-15 19:12 . 2008-04-14 00:12	293376              c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	382840              c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	231288              c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-08-13 07:16 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-08-13 07:16 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-08-13 07:11 . 2009-05-26 11:40	382840              c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-08-13 07:11 . 2009-05-26 11:40	231288              c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-09-15 19:12 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB982802\update\updspapi.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB982802\update\update.exe
+ 2010-09-15 19:12 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB982802\spuninst.exe
+ 2010-07-23 06:13 . 2010-07-23 06:13	590848              c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
+ 2010-08-13 07:01 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-08-13 07:01 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-08-13 07:01 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-06-10 03:15 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2010-06-10 03:15 . 2008-07-08 13:02	755576              c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2010-06-10 03:15 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2010-06-10 02:31 . 2010-05-06 10:36	919040              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	206848              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	611840              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	599040              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	247808              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	184320              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	743424              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	387584              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2010-06-10 02:31 . 2010-05-05 13:55	173056              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2010-08-13 07:17 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-08-13 07:17 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-08-13 07:17 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-08-13 01:15 . 2010-06-21 14:18	354304              c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-10-14 06:51 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB982132\update\updspapi.dll
+ 2010-10-14 06:51 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB982132\update\update.exe
+ 2010-10-14 06:51 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB982132\spuninst.exe
+ 2010-08-27 08:01 . 2010-08-27 08:01	119808              c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
+ 2010-08-13 07:02 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-08-13 07:02 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-08-13 07:02 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-10-14 06:47 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB981957\update\updspapi.dll
+ 2010-10-14 06:47 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB981957\update\update.exe
+ 2010-10-14 06:47 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB981957\spuninst.exe
+ 2010-08-13 07:11 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-08-13 07:11 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-08-13 07:11 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-04-15 03:35 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB981332-IE8\update\update.exe
+ 2010-04-15 03:35 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe
+ 2010-04-15 03:15 . 2010-03-10 06:18	420352              c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
+ 2010-09-15 19:11 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-09-15 19:11 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-09-15 19:11 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29	406016              c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-08-13 07:05 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-08-13 07:05 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-08-13 07:05 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23	149504              c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-04-15 03:39 . 2009-05-26 09:01	382840              c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-15 03:39 . 2009-05-26 09:01	755576              c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-15 03:39 . 2009-05-26 09:01	231288              c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-15 03:16 . 2010-02-24 11:57	457216              c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-06-10 03:20 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-10 03:20 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-10 03:20 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37	285824              c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-10 03:18 . 2008-07-08 13:02	382840              c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-10 03:18 . 2008-07-08 13:02	755576              c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-10 03:18 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-03-31 12:19 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB980182-IE8\update\updspapi.dll
+ 2010-03-31 12:19 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB980182-IE8\update\update.exe
+ 2010-03-31 12:19 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB980182-IE8\spuninst.exe
+ 2010-03-31 12:13 . 2010-02-25 06:19	919040              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	206848              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\occache.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	611840              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mstime.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	594432              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeeds.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	247808              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieproxy.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	184320              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iepeers.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	387584              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iedkcs32.dll
+ 2010-03-31 12:13 . 2010-02-24 09:34	173056              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ie4uinit.exe
+ 2010-10-14 06:50 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB979687\update\updspapi.dll
+ 2010-10-14 06:50 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB979687\update\update.exe
+ 2010-10-14 06:50 . 2009-05-26 09:01	231288              c:\windows\$hf_mig$\KB979687\spuninst.exe
+ 2010-07-12 13:02 . 2010-07-12 13:02	218112              c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
+ 2010-04-15 03:39 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-04-15 03:39 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-04-15 03:39 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-06-10 03:16 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-10 03:16 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-10 03:16 . 2009-05-26 09:01	231288              c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-10 03:12 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-10 03:12 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-10 03:12 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-04-15 03:35 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-15 03:35 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-02-10 14:37 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978706\update\updspapi.dll
+ 2010-02-10 14:37 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978706\update\update.exe
+ 2010-02-10 14:37 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB978706\spuninst.exe
+ 2009-12-16 18:27 . 2009-12-16 18:27	343040              c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
+ 2010-04-15 03:35 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-15 03:35 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-15 03:35 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42	178176              c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-05-12 15:57 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 15:57 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 15:57 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53	691712              c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-15 03:36 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36	226880              c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27	100864              c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-02-10 14:29 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978262\update\updspapi.dll
+ 2010-02-10 14:29 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978262\update\update.exe
+ 2010-02-10 14:29 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB978262\spuninst.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978251\update\updspapi.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978251\update\update.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB978251\spuninst.exe
+ 2010-02-10 14:13 . 2009-12-04 17:25	456832              c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
+ 2010-02-10 14:26 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-02-10 14:26 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-04-15 03:36 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-15 03:36 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-15 03:36 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-02-10 14:24 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB977165\update\updspapi.dll
+ 2010-02-10 14:24 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB977165\update\update.exe
+ 2010-02-10 14:24 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB977165\spuninst.exe
+ 2010-02-24 14:00 . 2008-07-08 13:02	382840              c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-02-24 14:00 . 2008-07-08 13:02	755576              c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-02-24 14:00 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-02-24 13:10 . 2009-12-09 05:51	726528              c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-02-10 14:26 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-02-10 14:26 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 09:01 . 2009-12-08 09:01	474112              c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll


----------



## mikec20311

+ 2010-06-10 03:12 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-10 03:12 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-10 03:12 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-03-10 19:24 . 2009-05-26 22:10	382840              c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-03-10 19:24 . 2008-07-08 13:02	755576              c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-03-10 19:24 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-02-10 14:25 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-02-10 14:25 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2010-02-10 14:28 . 2008-07-08 13:02	382840              c:\windows\$hf_mig$\KB971468\update\updspapi.dll
+ 2010-02-10 14:28 . 2008-07-08 13:02	755576              c:\windows\$hf_mig$\KB971468\update\update.exe
+ 2010-02-10 14:28 . 2008-07-08 13:02	231288              c:\windows\$hf_mig$\KB971468\spuninst.exe
+ 2010-02-10 14:14 . 2010-01-01 07:58	353792              c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys
+ 2011-02-10 08:08 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 08:08 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09	290048              c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 08:08 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-10 08:08 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42	439808              c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 08:03 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 08:03 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-10 07:49 . 2010-12-20 23:58	919552              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	206848              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	611840              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	602112              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	247808              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	184320              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	743424              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	387584              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-10 07:49 . 2010-12-20 12:48	173568              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 08:08 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-10 08:08 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-10 08:08 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-10 08:09 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-10 08:09 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-10 08:09 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32	301568              c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 08:02 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24	730112              c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 08:02 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2010-12-16 02:50 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-16 02:50 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-16 02:51 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-16 02:51 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-16 02:51 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-16 02:50 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-16 02:50 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-16 02:46 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-16 02:46 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-16 02:46 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-11 20:35 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-11 20:35 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-11 20:35 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50	253952              c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	102400              c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	200704              c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	180224              c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	565248              c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	143360              c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-16 02:50 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-16 02:50 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-16 02:50 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-16 00:38 . 2010-11-06 00:27	919552              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	206848              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	611840              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	602112              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	247808              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	184320              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	743424              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	387584              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
+ 2010-12-16 00:38 . 2010-11-03 12:01	173568              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 08:02 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-10 08:02 . 2010-07-05 13:15	231288              c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-10 07:47 . 2010-12-09 15:15	718336              c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2387149\update\updspapi.dll
+ 2010-10-14 06:51 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2387149\update\update.exe
+ 2010-10-14 06:51 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2387149\spuninst.exe
+ 2010-10-14 06:09 . 2010-09-18 07:18	974848              c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll
+ 2010-10-14 06:09 . 2010-09-18 07:18	974848              c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll
+ 2010-10-14 06:09 . 2010-09-18 07:18	953856              c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
+ 2010-10-14 06:09 . 2010-09-18 07:18	954368              c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll
+ 2010-10-14 06:45 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2360937\update\updspapi.dll
+ 2010-10-14 06:45 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2360937\update\update.exe
+ 2010-10-14 06:45 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2360937\spuninst.exe
+ 2010-10-14 06:04 . 2010-08-16 08:43	590848              c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll
+ 2010-10-14 06:50 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2360131-IE8\update\updspapi.dll
+ 2010-10-14 06:50 . 2009-05-26 09:01	755576              c:\windows\$hf_mig$\KB2360131-IE8\update\update.exe
+ 2010-10-14 06:50 . 2009-05-26 09:01	231288              c:\windows\$hf_mig$\KB2360131-IE8\spuninst.exe
+ 2010-10-14 06:06 . 2010-09-10 05:57	919552              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	206848              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\occache.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	611840              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mstime.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	602112              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeeds.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	247808              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\ieproxy.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	184320              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iepeers.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	743424              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iedvtool.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	387584              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iedkcs32.dll
+ 2010-10-14 06:06 . 2010-09-08 15:48	173056              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\ie4uinit.exe
+ 2010-09-15 19:12 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-09-15 19:12 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-09-15 19:12 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-10-14 06:51 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
+ 2010-10-14 06:51 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2345886\update\update.exe
+ 2010-10-14 06:51 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2345886\spuninst.exe
+ 2010-08-26 13:37 . 2010-08-26 13:37	357248              c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
+ 2010-12-16 02:51 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-16 02:51 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-16 02:51 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:08 . 2010-10-28 13:08	290048              c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
+ 2010-08-03 05:03 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-03 05:03 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-03 05:03 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-10-14 06:51 . 2010-07-05 13:16	382840              c:\windows\$hf_mig$\KB2279986\update\updspapi.dll
+ 2010-10-14 06:51 . 2010-07-05 13:15	755576              c:\windows\$hf_mig$\KB2279986\update\update.exe
+ 2010-10-14 06:51 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2279986\spuninst.exe
+ 2010-09-01 11:48 . 2010-09-01 11:48	285824              c:\windows\$hf_mig$\KB2279986\SP3QFE\atmfd.dll
+ 2010-09-15 19:13 . 2009-05-26 09:01	382840              c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-09-15 19:13 . 2009-05-26 09:01	755576              c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-09-15 19:13 . 2009-05-26 09:01	231288              c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-14 20:57 . 2010-02-22 23:53	382840              c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-14 20:57 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-14 20:57 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-14 15:43 . 2010-06-14 14:38	744448              c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-08-13 07:06 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2183461-IE8\update\updspapi.dll
+ 2010-08-13 07:06 . 2009-05-26 09:01	755576              c:\windows\$hf_mig$\KB2183461-IE8\update\update.exe
+ 2010-08-13 07:06 . 2009-05-26 09:01	231288              c:\windows\$hf_mig$\KB2183461-IE8\spuninst.exe
+ 2010-08-13 01:12 . 2010-06-24 12:24	919040              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
+ 2010-08-13 01:13 . 2010-06-24 12:24	206848              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\occache.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	611840              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mstime.dll
+ 2010-08-13 01:13 . 2010-06-24 12:24	599040              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\msfeeds.dll
+ 2010-08-13 01:13 . 2010-06-24 12:24	247808              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ieproxy.dll
+ 2010-08-13 01:13 . 2010-06-24 12:24	184320              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iepeers.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	743424              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iedvtool.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	387584              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iedkcs32.dll
+ 2010-08-13 01:12 . 2010-06-23 11:30	173056              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ie4uinit.exe
+ 2010-08-13 07:06 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
+ 2010-08-13 07:06 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2160329\update\update.exe
+ 2010-08-13 07:06 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2160329\spuninst.exe
+ 2010-09-15 19:05 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
+ 2010-09-15 19:05 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2141007\update\update.exe
+ 2010-09-15 19:05 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2141007\spuninst.exe
+ 2010-06-09 07:41 . 2010-06-09 07:41	692736              c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	382840              c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-09-15 19:12 . 2010-02-22 14:23	755576              c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-09-15 19:12 . 2010-02-22 14:23	231288              c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43	293376              c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-08-13 07:16 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-08-13 07:16 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-08-13 07:16 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-08-13 07:11 . 2009-05-26 11:40	382840              c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-08-13 07:11 . 2009-05-26 11:40	755576              c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-08-13 07:11 . 2009-05-26 11:40	231288              c:\windows\$hf_mig$\KB2079403\spuninst.exe
+ 2010-10-14 06:08 . 2010-08-23 16:12	1054208              c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	3780424              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	3765048              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	3783672              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	3783672              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05	3768312              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05	3768312              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-08-04 12:00 . 2010-04-06 08:52	2462720              c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2010-12-31 13:10	1854976              c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2010-12-20 23:59	1210880              c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2011-01-21 14:44	8462336              c:\windows\system32\shell32.dll
+ 2010-01-21 17:27 . 2011-04-02 00:14	4466768              c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-04 12:00 . 2010-02-05 18:27	1291776              c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2010-07-16 12:05	1288192              c:\windows\system32\ole32.dll
+ 2004-08-04 19:00 . 2010-12-09 13:42	2148864              c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 19:00 . 2010-12-09 13:07	2027008              c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2010-06-14 07:41	1172480              c:\windows\system32\msxml3.dll
- 2004-08-04 12:00 . 2009-07-31 04:35	1172480              c:\windows\system32\msxml3.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	5961216              c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2011-03-25 06:22	6053536              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-10-17 16:57 . 2010-12-20 23:59	1991680              c:\windows\system32\iertutil.dll
+ 2010-12-23 09:22 . 2010-06-14 20:19	1907560              c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
+ 2010-12-02 03:35 . 2010-12-02 03:35	4280320              c:\windows\system32\GPhotos.scr
+ 2010-12-23 09:22 . 2010-06-14 20:19	1907560              c:\windows\system32\DRVSTORE\HPScanMini_45A9650E24EDD26EA7C81D18C45270FEB250A077\drivers\scanner\x32\HPScanMiniDrv_DJ1050_J410.dll
+ 2004-08-04 12:00 . 2010-04-06 08:52	2462720              c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-15 22:02 . 2010-12-31 13:10	1854976              c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2010-12-20 23:59	1210880              c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44	8462336              c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27	1291776              c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05	1288192              c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 22:02 . 2010-12-09 13:38	2192768              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 22:02 . 2010-12-09 13:07	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 22:02 . 2010-12-09 13:07	2069376              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 22:02 . 2010-12-09 13:42	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-11-12 14:52 . 2009-07-31 04:35	1172480              c:\windows\system32\dllcache\msxml3.dll
+ 2008-11-12 14:52 . 2010-06-14 07:41	1172480              c:\windows\system32\dllcache\msxml3.dll
- 2009-08-12 16:58 . 2009-07-10 13:27	1315328              c:\windows\system32\dllcache\msoe.dll
+ 2009-08-12 16:58 . 2010-01-29 15:01	1315328              c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59	5961216              c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 17:34 . 2010-06-18 13:36	3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2011-02-02 07:58 . 2011-02-02 07:58	2067456              c:\windows\system32\dllcache\lhmstscx.dll
+ 2007-05-09 21:03 . 2010-12-20 23:59	1991680              c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06	1130824              c:\windows\system32\dfshim.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-09-22 13:44 . 2010-09-22 13:44	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 08:59 . 2008-11-25 08:59	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 03:51 . 2009-08-08 03:51	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 05:35 . 2008-05-28 05:35	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 05:35 . 2008-05-28 05:35	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 04:48 . 2008-05-28 04:48	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25	2523136              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2008-05-28 04:48 . 2008-05-28 04:48	2523136              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 04:43 . 2008-05-28 04:43	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-10-01 22:42 . 2010-10-01 22:42	5054464              c:\windows\Installer\fb3e12.msp
+ 2010-10-22 18:25 . 2010-10-22 18:25	5521408              c:\windows\Installer\fb3dff.msp
+ 2010-08-05 14:57 . 2010-08-05 14:57	4066304              c:\windows\Installer\e39ba2.msp
+ 2010-08-20 17:50 . 2010-08-20 17:50	5518848              c:\windows\Installer\e39b80.msp
+ 2010-08-25 21:06 . 2010-08-25 21:06	6479360              c:\windows\Installer\e39b66.msp
+ 2010-01-19 22:51 . 2010-01-19 22:51	5524480              c:\windows\Installer\d6aa7.msp
+ 2010-01-19 23:29 . 2010-01-19 23:29	5050368              c:\windows\Installer\d6a94.msp
+ 2010-10-22 20:45 . 2010-10-22 20:45	8444928              c:\windows\Installer\7db498.msp
+ 2010-12-06 20:02 . 2010-12-06 20:02	5518848              c:\windows\Installer\7db46c.msp
+ 2011-04-02 01:27 . 2011-04-02 01:27	2283008              c:\windows\Installer\6ab8b.msi
+ 2009-11-09 04:25 . 2009-11-09 04:25	1935360              c:\windows\Installer\62882.msp
+ 2011-04-02 00:48 . 2011-04-02 00:48	1094656              c:\windows\Installer\529ac.msi
+ 2011-01-01 14:56 . 2011-01-01 14:56	7746048              c:\windows\Installer\42a420.msi
+ 2011-01-01 14:55 . 2011-01-01 14:55	1522176              c:\windows\Installer\42a41a.msi
+ 2011-01-01 14:54 . 2011-01-01 14:54	2723328              c:\windows\Installer\42a414.msi
+ 2009-10-16 22:07 . 2009-10-16 22:07	6115328              c:\windows\Installer\38f820.msp
+ 2010-04-21 21:46 . 2010-04-21 21:46	5522432              c:\windows\Installer\38f80d.msp
+ 2010-03-11 16:03 . 2010-03-11 16:03	5524480              c:\windows\Installer\29dffa8.msp
+ 2010-08-23 21:09 . 2010-08-23 21:09	7673344              c:\windows\Installer\285fd3.msp
+ 2010-09-02 16:28 . 2010-09-02 16:28	3749376              c:\windows\Installer\285fc0.msp
+ 2010-10-04 20:32 . 2010-10-04 20:32	5517824              c:\windows\Installer\285fb6.msp
+ 2010-08-24 13:49 . 2010-08-24 13:49	6825472              c:\windows\Installer\285fa3.msp
+ 2011-02-22 15:32 . 2011-02-22 15:32	5520384              c:\windows\Installer\214599f.msp
+ 2010-12-23 09:22 . 2010-12-23 09:22	2523136              c:\windows\Installer\1dc329.msi
+ 2010-09-23 11:39 . 2010-09-23 11:39	4265472              c:\windows\Installer\19dc377.msp
+ 2011-01-17 21:06 . 2011-01-17 21:06	5518848              c:\windows\Installer\17b324.msp
+ 2010-07-20 15:41 . 2010-07-20 15:41	3750912              c:\windows\Installer\149cec7.msp
+ 2010-06-28 20:01 . 2010-06-28 20:01	7677952              c:\windows\Installer\149cebd.msp
+ 2010-06-29 02:53 . 2010-06-29 02:53	6819840              c:\windows\Installer\149ceaa.msp
+ 2010-07-26 21:02 . 2010-07-26 21:02	5519360              c:\windows\Installer\149ce8c.msp
+ 2010-02-04 23:11 . 2010-02-04 23:11	5526528              c:\windows\Installer\13a2e29.msp
+ 2010-01-27 22:53 . 2010-01-27 22:53	6820864              c:\windows\Installer\13a2e16.msp
+ 2010-05-03 20:27 . 2010-05-03 20:27	6825472              c:\windows\Installer\1335b04.msp
+ 2010-05-05 02:25 . 2010-05-05 02:25	7681024              c:\windows\Installer\1335abf.msp
+ 2010-05-10 21:17 . 2010-05-10 21:17	5520896              c:\windows\Installer\1335aac.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17	2607104              c:\windows\Installer\1335a8a.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17	4210688              c:\windows\Installer\1335a89.msp
+ 2010-05-03 20:06 . 2010-05-03 20:06	5053952              c:\windows\Installer\1335a70.msp
+ 2010-05-25 15:45 . 2010-05-25 15:45	8445440              c:\windows\Installer\11d2277.msp
+ 2010-07-01 02:52 . 2010-07-01 02:52	5522944              c:\windows\Installer\11d2263.msp
+ 2007-04-19 18:49 . 2007-04-19 18:49	1661280              c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2010-11-10 16:49 . 2010-11-10 16:49	2207632              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	6222744              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	5503368              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49	1216416              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49	1289624              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2010-06-10 03:15 . 2010-02-25 06:24	1209344              c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	5944832              c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-10 03:15 . 2010-02-25 06:24	1985536              c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	1208832              c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	5942784              c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	1985536              c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	1210880              c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	5959168              c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	1991680              c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	1210880              c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	5957120              c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	1986560              c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-10-14 06:50 . 2010-06-24 12:22	1210368              c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-14 06:50 . 2010-06-24 12:22	5951488              c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-14 06:50 . 2010-06-24 12:21	1986560              c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	1209344              c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	5950976              c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	1985536              c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
+ 2011-03-13 03:08 . 2011-03-13 03:08	2343936              c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{B0C6E9BF-09D1-436C-BFED-8C4391F8D01F}\HP Update.msi
+ 2010-07-07 20:03 . 2010-07-07 20:03	1817600              c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{6EDE20CD-178C-4D5C-A9D1-9B356B2E4EDD}\HP Update.msi
+ 2010-05-03 21:23 . 2010-05-03 21:23	1731880              c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{06248F51-C719-4BCD-88FB-659EE86974D8}\HP Update.msi
+ 2008-10-15 22:02 . 2010-12-09 13:38	2192768              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 22:02 . 2010-12-09 13:07	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 22:02 . 2010-12-09 13:07	2069376              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 22:02 . 2010-12-09 13:42	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-07 22:59 . 2010-10-07 22:59	1966080              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e8f108d9\System.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	4792320              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_081c6fcf\System.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	5513216              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ba6192c7\System.Xml.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	2088960              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_93eb8dde\System.Xml.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	7884800              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_aa6de03e\System.Windows.Forms.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	3018752              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a7ef1be5\System.Windows.Forms.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	2244608              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_dd65b57a\System.Drawing.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	1470464              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8950a6dc\System.Design.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	3395584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_71954e33\System.Design.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	3391488              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e1b31cb4\mscorlib.dll
+ 2010-10-07 23:00 . 2010-10-07 23:00	8908800              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9b5f750b\mscorlib.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	2002432              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b176deba898acbf82d6c8b3ac1e8288f\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	6392832              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\76031ae8240c17333d5fef398ef2b550\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	1105920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\57dc9b01e6d60337653fb63015e3a17e\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-08-13 07:19 . 2010-08-13 07:19	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-13 07:19 . 2010-08-13 07:19	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-07 23:24 . 2010-10-07 23:24	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-07 23:24 . 2010-10-07 23:24	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-07 23:24 . 2010-10-07 23:24	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-07 23:23 . 2010-10-07 23:23	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-07 23:22 . 2010-10-07 23:22	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-08-14 04:01 . 2010-08-14 04:01	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-07 23:17 . 2010-10-07 23:17	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-08-13 07:21 . 2010-08-13 07:21	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-13 07:21 . 2010-08-13 07:21	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-10-07 23:21 . 2010-10-07 23:21	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-08-14 04:02 . 2010-08-14 04:02	1115136              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2010-08-13 07:21 . 2010-08-13 07:21	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-13 07:21 . 2010-08-13 07:21	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-13 07:21 . 2010-08-13 07:21	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-13 07:20 . 2010-08-13 07:20	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-13 07:19 . 2010-08-13 07:19	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-10-07 23:21 . 2010-10-07 23:21	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-16 16:04 . 2010-08-16 16:04	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-14 04:03 . 2010-08-14 04:03	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 13:02 . 2010-06-23 13:02	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-07 23:03 . 2010-10-07 23:03	1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-06-29 20:16 . 2009-06-29 20:16	1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-06-10 03:11 . 2010-06-10 03:11	5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 13:02 . 2010-06-23 13:02	5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 05:49 . 2009-10-15 05:49	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-15 05:50 . 2009-10-15 05:50	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-23 13:02 . 2010-06-23 13:02	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-06-29 20:10 . 2009-06-29 20:10	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-10-07 23:02 . 2010-10-07 23:02	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-07 22:59 . 2010-10-07 22:59	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-15 05:42 . 2009-10-15 05:42	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-15 05:42 . 2009-10-15 05:42	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-07 22:59 . 2010-10-07 22:59	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-13 07:02 . 2009-10-23 15:28	3558912              c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-10-14 06:47 . 2010-06-23 13:44	1851904              c:\windows\$NtUninstallKB981957$\win32k.sys
+ 2010-08-13 07:11 . 2010-02-16 14:08	2146304              c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-08-13 07:11 . 2010-02-16 13:25	2024448              c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-08-13 07:11 . 2010-02-16 13:25	2024448              c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-08-13 07:11 . 2010-02-16 14:08	2146304              c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-10-14 06:50 . 2008-04-14 00:12	1287168              c:\windows\$NtUninstallKB979687$\ole32.dll
+ 2010-04-15 03:39 . 2009-12-08 19:26	2145280              c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-15 03:39 . 2009-12-08 18:43	2023936              c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-15 03:39 . 2009-12-08 18:43	2023936              c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-15 03:39 . 2009-12-08 19:26	2145280              c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-10 03:16 . 2009-08-14 13:21	1850624              c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-10 03:12 . 2009-05-20 08:56	2458112              c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 15:57 . 2009-07-10 13:27	1315328              c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-02-10 14:24 . 2009-08-04 15:13	2145280              c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
+ 2010-02-10 14:24 . 2009-08-04 14:20	2023936              c:\windows\$NtUninstallKB977165$\ntkrpamp.exe
+ 2010-02-10 14:24 . 2009-08-04 14:20	2023936              c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
+ 2010-02-10 14:24 . 2009-08-04 15:13	2145280              c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe
+ 2010-06-10 03:12 . 2009-11-27 17:11	1291776              c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-03-10 19:24 . 2008-04-14 00:12	3558912              c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-02-10 14:25 . 2009-06-03 19:09	1291264              c:\windows\$NtUninstallKB975560$\quartz.dll
+ 2011-02-10 08:08 . 2010-07-27 06:30	8462336              c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-02-10 08:08 . 2010-10-26 13:25	1853312              c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2010-12-16 02:50 . 2010-08-31 13:42	1852800              c:\windows\$NtUninstallKB2436673$\win32k.sys
+ 2011-02-10 08:02 . 2010-04-27 13:59	2146304              c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe


----------



## mikec20311

+ 2011-02-10 08:02 . 2010-04-27 13:05	2024448              c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 08:02 . 2010-04-27 13:05	2024448              c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 08:02 . 2010-04-27 13:59	2146304              c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2010-10-14 06:51 . 2008-04-14 00:11	1028096              c:\windows\$NtUninstallKB2387149$\mfc42.dll
+ 2010-08-03 05:03 . 2008-06-17 19:02	8461312              c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-08-13 07:06 . 2010-05-02 05:22	1851264              c:\windows\$NtUninstallKB2160329$\win32k.sys
+ 2010-08-13 07:11 . 2009-07-31 04:35	1172480              c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-06-10 02:30 . 2010-05-06 10:36	1209856              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2010-06-10 02:30 . 2010-05-06 10:36	5953024              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2010-06-10 02:31 . 2010-05-06 10:36	1986048              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-08-13 01:08 . 2010-06-18 13:43	3558912              c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-08-31 13:38 . 2010-08-31 13:38	1861888              c:\windows\$hf_mig$\KB981957\SP3QFE\win32k.sys
+ 2010-08-13 01:13 . 2010-04-27 13:50	2190080              c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-08-13 01:13 . 2010-04-27 13:14	2024448              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 11:14 . 2010-04-28 11:14	2066944              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-08-13 01:13 . 2010-04-27 13:54	2146304              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-03-31 12:13 . 2010-02-25 06:19	1209856              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\urlmon.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	5946880              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	1986048              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iertutil.dll
+ 2010-07-16 12:04 . 2010-07-16 12:04	1289216              c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
+ 2010-04-15 03:16 . 2010-02-16 12:52	2190080              c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-04-15 03:16 . 2010-02-16 12:12	2024448              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-04-15 03:16 . 2010-02-16 12:12	2066944              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-04-15 03:16 . 2010-02-16 12:50	2146304              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 06:34 . 2010-05-02 06:34	1860352              c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53	1315328              c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2009-12-09 04:52 . 2009-12-09 04:52	2189312              c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
+ 2010-02-10 13:56 . 2009-12-08 17:40	2023936              c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe
+ 2009-12-09 04:10 . 2009-12-09 04:10	2066176              c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
+ 2010-02-10 13:56 . 2009-12-08 18:20	2145280              c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe
+ 2010-02-05 18:29 . 2010-02-05 18:29	1291776              c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-03-10 17:34 . 2009-10-23 14:53	3558912              c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2009-11-27 17:23 . 2009-11-27 17:23	1291776              c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42	8463360              c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	1211904              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	5962240              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	1992192              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14	1864064              c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2010-10-26 13:27 . 2010-10-26 13:27	1862272              c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-12-16 00:38 . 2010-11-06 00:27	1211904              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	5960704              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
+ 2010-12-16 00:38 . 2010-11-06 00:27	1992192              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
+ 2011-02-10 07:47 . 2010-12-09 13:43	2192768              c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-10 07:47 . 2010-12-09 13:09	2027008              c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39	2069376              c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-10 07:47 . 2010-12-09 13:47	2148864              c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2010-10-14 06:06 . 2010-09-10 05:57	1211904              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\urlmon.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	5958656              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
+ 2010-10-14 06:06 . 2010-09-10 05:57	1987072              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iertutil.dll
+ 2010-07-27 06:28 . 2010-07-27 06:28	8463360              c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	1211904              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\urlmon.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	5954560              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	1987072              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iertutil.dll
+ 2010-06-24 02:14 . 2010-06-24 02:14	1861120              c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
+ 2010-06-14 07:39 . 2010-06-14 07:39	1172480              c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2010-06-14 21:01 . 2010-06-14 21:01	12648808              c:\windows\twain_32\HP Deskjet 1050 J410 series\HPScanUI.dll
+ 2004-08-04 12:00 . 2010-08-26 03:36	10841088              c:\windows\system32\wmp.dll
- 2004-08-04 12:00 . 2009-07-14 03:43	10841088              c:\windows\system32\wmp.dll
+ 2006-03-08 23:38 . 2011-03-09 06:24	37943240              c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2010-12-21 10:29	11080704              c:\windows\system32\ieframe.dll
+ 2004-08-04 12:00 . 2010-08-26 03:36	10841088              c:\windows\system32\dllcache\wmp.dll
- 2004-08-04 12:00 . 2009-07-14 03:43	10841088              c:\windows\system32\dllcache\wmp.dll
+ 2007-05-09 21:03 . 2010-12-21 10:29	11080704              c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-02 23:29 . 2010-04-02 23:29	11413504              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-09-24 18:08 . 2010-09-24 18:08	11430400              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-10-14 21:57 . 2010-10-14 21:57	11189248              c:\windows\Installer\fb3e25.msp
+ 2011-01-30 20:44 . 2011-01-30 20:44	12425728              c:\windows\Installer\6ab8c.msp
+ 2010-12-22 18:39 . 2010-12-22 18:39	20304384              c:\windows\Installer\6a67d8.msp
+ 2010-03-31 05:23 . 2010-03-31 05:23	15638528              c:\windows\Installer\6288f.msp
+ 2010-06-04 12:49 . 2010-06-04 12:49	20242432              c:\windows\Installer\60539.msp
+ 2011-03-08 08:00 . 2011-03-08 08:00	20308992              c:\windows\Installer\20dc06.msp
+ 2010-09-08 05:29 . 2010-09-08 05:29	20303872              c:\windows\Installer\1e441a4.msp
+ 2010-09-24 11:08 . 2010-09-24 11:08	17518080              c:\windows\Installer\19dc36d.msp
+ 2010-05-19 17:08 . 2010-05-19 17:08	11408896              c:\windows\Installer\149ce97.msp
+ 2010-05-11 15:30 . 2010-05-11 15:30	11194880              c:\windows\Installer\1335b0e.msp
+ 2010-04-02 16:30 . 2010-04-02 16:30	17456640              c:\windows\Installer\1335af2.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17	14599680              c:\windows\Installer\1335a99.msp
+ 2010-09-29 12:32 . 2010-09-29 12:32	20303872              c:\windows\Installer\110e30.msp
+ 2010-11-10 16:49 . 2010-11-10 16:49	23724952              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
+ 2010-06-10 03:15 . 2010-02-25 15:54	11070976              c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-03-31 12:18 . 2009-12-21 19:14	11070464              c:\windows\ie8updates\KB980182-IE8\ieframe.dll
+ 2011-02-10 08:03 . 2010-11-06 00:26	11080704              c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2010-12-16 02:50 . 2010-09-10 05:58	11080192              c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2010-10-14 06:50 . 2010-06-24 21:51	11077120              c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2010-08-13 07:06 . 2010-05-06 10:41	11076096              c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-13 07:22 . 2010-08-13 07:22	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-07 23:20 . 2010-10-07 23:20	11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-07 23:18 . 2010-10-07 23:18	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-07 23:04 . 2010-10-07 23:04	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-08-13 07:20 . 2010-08-13 07:20	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-13 07:19 . 2010-08-13 07:19	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-13 07:18 . 2010-08-13 07:18	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
+ 2010-10-14 06:51 . 2009-07-14 03:43	10841088              c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
+ 2010-05-06 20:06 . 2010-05-06 20:06	11078144              c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
+ 2010-03-31 12:13 . 2010-02-25 06:19	11073024              c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieframe.dll
+ 2011-02-10 07:49 . 2010-12-20 23:58	11082752              c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
+ 2010-11-06 10:57 . 2010-11-06 10:57	11082752              c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
+ 2010-09-10 15:27 . 2010-09-10 15:27	11082240              c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\ieframe.dll
+ 2010-08-13 01:12 . 2010-06-24 12:24	11079168              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 23:13	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwPrv"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"BITS"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate1c9e3e97bc020a6;Google Update Service (gupdate1c9e3e97bc020a6);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 9:20 PM 133104]
S2 Joulemeter Service;Joulemeter Service;c:\program files\Microsoft Research\Joulemeter\JoulemeterService.exe [9/10/2010 7:04 PM 64816]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 9:20 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [1/8/2007 1:59 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [1/8/2007 1:59 PM 85696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-04-04 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-03-31 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-03-23 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-04-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-09 18:11]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:20]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} - hxxps://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b87x09q4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2011-04-03  21:09:47
ComboFix-quarantined-files.txt  2011-04-04 01:09
ComboFix2.txt  2011-04-04 00:37
ComboFix3.txt  2010-02-02 00:57
ComboFix4.txt  2010-01-28 19:57
ComboFix5.txt  2011-04-04 01:01
.
Pre-Run: 91,706,101,760 bytes free
Post-Run: 91,692,609,536 bytes free
.
- - End Of File - - 2B717E9A8197AFACF70CEFE651DA64F7


----------



## johnb35

Looks like you missed the last item in my script, plus a minor fix for a folder, so I'll post another one.  This log should be much shorter then the last one you did.

Also Please rescan your system with malwarebytes, making sure you update it to get the latest definitions and post the log. The latest definitions are 6262

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Folder::

C:\32788R22FWJFW.1.tmp

Reglock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserLis t]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## mikec20311

oops, don't know how I missed anything the first time. well just dragged the new one into combofix.


----------



## mikec20311

ComboFix 11-04-03.01 - Compaq_Owner 04/03/2011  21:52:38.7.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2494.1969 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\32788R22FWJFW.1.tmp
c:\32788r22fwjfw.1.tmp\firefox.exe
c:\32788r22fwjfw.1.tmp\iexplore.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
.
2011-04-03 23:50 . 2011-04-03 23:50	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\TeamViewer
2011-04-03 23:50 . 2011-04-03 23:50	--------	d-----w-	c:\program files\TeamViewer
2011-04-02 23:35 . 2011-04-02 23:35	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2011-04-02 22:58 . 2011-04-03 00:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2011-04-02 13:24 . 2010-03-01 14:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-02 13:24 . 2010-02-16 18:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-04-02 13:24 . 2009-05-11 16:49	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-04-02 13:24 . 2009-05-11 16:49	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-04-02 13:24 . 2011-04-02 13:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2011-04-02 12:51 . 2011-04-02 13:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2011-04-02 01:26 . 2011-04-02 01:26	--------	d-----w-	c:\program files\Common Files\Adobe
2011-04-02 01:21 . 2011-04-02 01:21	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2011-04-02 00:48 . 2011-04-02 00:48	388096	----a-r-	c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 00:14 . 2011-04-02 00:14	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-03-31 05:18 . 2011-04-02 00:13	--------	d-----w-	c:\windows\system32\NtmsData
2011-03-09 04:32 . 2011-03-30 04:53	--------	d-----w-	c:\program files\SBR Poker
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 12:00	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 12:00	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00	290048	----a-w-	c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 23:13	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwPrv"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"BITS"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate1c9e3e97bc020a6;Google Update Service (gupdate1c9e3e97bc020a6);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 9:20 PM 133104]
S2 Joulemeter Service;Joulemeter Service;c:\program files\Microsoft Research\Joulemeter\JoulemeterService.exe [9/10/2010 7:04 PM 64816]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 9:20 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [1/8/2007 1:59 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [1/8/2007 1:59 PM 85696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-04-04 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-03-31 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-03-23 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2011-04-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-09 18:11]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:20]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} - hxxps://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b87x09q4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2011-04-03  21:57:25
ComboFix-quarantined-files.txt  2011-04-04 01:57
ComboFix2.txt  2011-04-04 01:09
ComboFix3.txt  2011-04-04 00:37
ComboFix4.txt  2010-02-02 00:57
ComboFix5.txt  2011-04-04 01:51
.
Pre-Run: 91,698,974,720 bytes free
Post-Run: 91,688,919,040 bytes free
.
- - End Of File - - 9C8EE4678CDEC2E3DE5D8673FD23769F


----------



## mikec20311

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2011 10:03:10 PM
mbam-log-2011-04-03 (22-03-10).txt

Scan type: Quick scan
Objects scanned: 163466
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## johnb35

hmmm, that one key won't unlock.  Other than that, the cf log looks good now.  Just need you to run an updated malwarebytes scan.  Also just to let you know, i'm currently working on an hp system that was infected with the same item you were in your first combofix log. With a rootkit and the bad service. 

Service_WMPNetworkSvc


I'm also in the process of running an eset online scan and its found 35 threats.  So it's not a bad idea for you to do the same.  The scan can take up to a couple hours depending on whats on your system.  

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------



## mikec20311

I suppose I'm cured now?  Hope so at least


----------



## johnb35

Yep, looks like you are all set to go.  Let me know if you are still having any issues.


----------

