Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop-ups! Help! [CLOSED]

Started by Stephy , Jul 21 2008 12:13 AM

  • This topic is locked This topic is locked

#1
Stephy
Posted 21 July 2008 - 12:13 AM

Stephy

    Member

  • Member
  • PipPip
  • 14 posts
My computer has some kind of spyware on it that I can't get rid of. I am getting pop-ups, but my pop-up blocker is on...
Thanks for your help!



Here is my hijack this logfile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:09 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1134629068\ee\aolsoftware.exe
c:\program files\common files\aol\1134629068\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1134629068\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\EHOME\EHTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/...rp.cab53083.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective....torLauncher.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134547250296
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bol...geUploader3.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediam...oad/XUpload.ocx
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://aolsvc.aol.co...ia.1.0.0.22.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/o...e/bin/setup.exe
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.c...ad/ms40upld.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13265 bytes
  • 0

Advertisements

#2
fenzodahl512
Posted 21 July 2008 - 12:38 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator


Regards
fenzodahl512
  • 0

#3
Stephy
Posted 21 July 2008 - 02:05 PM

Stephy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Any time I try to run the DSS program, it freezes and then a box pops up that says dss.exe has encountered a problem and needed to shut down.
  • 0

#4
fenzodahl512
Posted 21 July 2008 - 02:11 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. lets do this...


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



--------------------------------------------



Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
  • 0

#5
Stephy
Posted 21 July 2008 - 02:52 PM

Stephy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 08-07-20.A0 - Stephanie Terry 2008-07-21 13:39:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -7:00]
Running from: C:\Documents and Settings\Stephanie Terry\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://pes.tvdownload.microsoft.com
.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-21 12:45 . 2008-07-21 12:45 <DIR> d-------- C:\Deckard
2008-07-15 22:13 . 2008-07-20 23:17 <DIR> d-------- C:\Program Files\Gamevance
2008-06-21 15:42 . 2008-06-21 15:42 <DIR> d-------- C:\Program Files\kid-pref

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 06:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-20 00:26 --------- d-----w C:\Program Files\BookSmart
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:41 --------- d-----w C:\Program Files\Scholastic
2008-06-11 22:41 --------- d-----w C:\Documents and Settings\Stephanie Terry\Application Data\Scholastic
2008-06-07 22:24 --------- d-----w C:\Documents and Settings\Stephanie Terry\Application Data\Roxio
2008-06-04 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-03 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 20:57 --------- d-----w C:\Documents and Settings\Stephanie Terry\Application Data\AdobeUM
2008-05-09 15:21 2,786 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-28 15:03 82,944 ----a-w C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-04-28 15:03 82,944 ----a-w C:\WINDOWS\SYSTEM32\404Fix.exe
2008-04-24 15:10 86,528 ----a-w C:\WINDOWS\SYSTEM32\VACFix.exe
2008-04-24 05:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-01 21:39 15,143,592 ----a-w C:\Program Files\mysterycasefileshuntsville_at.exe
2005-11-12 19:30 212,849 ----a-w C:\Program Files\hijackthis.zip
2005-11-12 19:20 19,679 ----a-w C:\Program Files\hijackthis.log
2005-11-11 20:42 218,112 ----a-w C:\Program Files\HijackThis.exe
2005-09-11 22:11 565,248 --sha-w C:\Program Files\ehthumbs.db
2005-08-22 16:34 8,446,517 ----a-w C:\Program Files\ndntenst(virus protection).exe
2005-08-22 16:18 8,446,517 ----a-w C:\Program Files\ndntenst(virusprotection).exe
2005-08-09 02:13 2,731,632 ----a-w C:\Program Files\DeepBurner1.exe
2005-07-20 06:19 8,563 ----a-w C:\Program Files\player.zip
2005-04-21 16:51 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
2005-04-21 16:52 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-09_12.28.30.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-23 03:35:35 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
+ 2008-04-23 03:35:35 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
+ 2008-04-23 03:35:35 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
+ 2008-04-23 03:35:35 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
+ 2008-04-23 03:35:35 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
+ 2008-04-22 08:02:19 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
+ 2008-04-23 03:35:35 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
+ 2008-04-23 03:35:35 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
+ 2008-04-20 05:07:38 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
+ 2008-04-23 03:35:35 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
+ 2008-04-23 03:35:35 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
+ 2008-04-23 03:35:36 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
+ 2008-04-23 03:35:36 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
+ 2008-04-23 03:35:36 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
+ 2008-04-22 08:02:19 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
+ 2008-04-22 08:02:46 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
+ 2008-04-23 03:35:36 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
+ 2008-04-23 03:35:36 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
+ 2008-04-23 03:35:36 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
+ 2008-04-23 03:35:36 3,593,728 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
+ 2008-04-23 03:35:36 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll
+ 2008-04-23 03:35:36 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll
+ 2008-04-23 03:35:36 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll
+ 2008-04-23 03:35:36 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll
+ 2008-04-23 03:35:36 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll
+ 2008-04-23 03:35:36 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\url.dll
+ 2008-04-23 03:35:36 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll
+ 2008-04-23 03:35:36 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll
+ 2008-04-23 03:35:36 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2004-08-10 11:00:00 294,400 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
+ 2004-08-10 11:00:00 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll
+ 2004-08-10 11:00:00 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-10 11:00:00 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-10 11:00:00 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll
+ 2004-08-10 11:00:00 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-10 11:00:00 151,583 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-10 11:00:00 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-10 11:00:00 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-10 11:00:00 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-10 11:00:00 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-10 11:00:00 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-10 11:00:00 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-10 11:00:00 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-10 11:00:00 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-10 11:00:00 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-10 11:00:00 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-10 11:00:00 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2004-08-04 07:10:38 274,304 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
- 2005-04-20 01:43:01 1,100,392 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-05-28 10:06:36 1,103,248 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
- 2005-04-20 01:43:01 141,928 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-05-28 10:05:30 144,784 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
- 2005-04-20 01:43:01 408,176 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-05-28 10:06:48 411,024 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
- 2005-04-20 01:43:01 35,448 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-05-28 10:06:46 38,304 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
- 2005-04-20 01:43:01 461,416 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2008-05-28 10:06:31 464,272 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
- 2005-04-20 01:43:01 223,856 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-05-28 10:07:02 226,712 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2005-04-20 01:43:01 20,080 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-05-28 10:06:26 22,928 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2005-04-20 01:43:01 662,120 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-05-28 10:06:55 664,968 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2005-04-20 01:43:01 371,296 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-05-28 10:05:30 374,152 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
- 2005-04-20 01:43:01 64,088 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-05-28 10:05:25 66,936 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2005-04-20 01:43:01 223,800 ----a-w C:\WINDOWS\ASSEMBLY\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-05-28 10:05:19 226,656 ----a-w C:\WINDOWS\ASSEMBLY\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2006-06-16 01:33:54 1,132,192 ----a-w C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
+ 2008-05-29 23:52:30 3,200,272 ----a-w C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\I386\bthport.sys
- 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-02 01:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2003-07-15 05:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 05:53:22 46,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 05:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2005-04-20 01:43:01 1,100,392 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
+ 2003-07-15 05:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2002-10-07 16:49:36 192,573 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2005-04-20 01:43:01 371,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
+ 2003-07-15 05:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 05:40:12 165,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2005-04-20 01:43:01 141,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
+ 2003-06-19 00:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 05:57:14 124,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 06:12:22 47,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 05:56:14 40,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 05:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 05:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 05:56:16 54,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-11 09:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 05:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:53:00 55,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 05:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-19 00:31:54 788,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-06-19 00:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 23:05:52 128,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-19 23:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 06:02:42 637,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2005-04-20 01:43:01 20,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-06-19 00:31:58 6,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2005-04-20 01:43:01 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2005-04-20 01:43:01 35,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 05:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2005-04-20 01:43:01 408,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL
+ 2003-07-15 05:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2005-04-20 01:43:01 461,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
+ 2003-07-15 10:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2005-04-20 01:43:01 223,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
+ 2002-10-07 17:11:00 167,997 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-05-09 04:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2002-10-07 16:49:42 81,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-21 18:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 05:57:18 349,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-15 05:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 05:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2002-10-07 16:53:04 106,561 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2002-10-07 16:50:44 241,729 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 16:51:04 180,289 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 16:51:14 147,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 16:51:20 102,467 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 16:50:04 118,847 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 16:49:56 81,983 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2002-10-07 16:51:44 221,252 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2003-07-15 05:57:40 59,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2005-04-20 01:43:01 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2005-04-20 01:43:01 662,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
+ 2002-10-07 17:03:34 1,794,113 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-04-30 18:52:32 1,581,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2003-01-17 21:03:34 59,466 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2001-06-05 15:13:22 289,926 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2001-06-05 15:13:22 34,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2001-06-05 15:13:24 18,844 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 15:13:26 65,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2005-05-04 07:06:27 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-04 07:06:30 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-04 07:06:24 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2001-10-23 07:13:42 53,260 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 15:13:26 40,972 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
- 2008-04-09 10:04:22 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-28 10:07:29 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-09 10:04:22 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-28 10:07:28 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-09 10:04:22 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-05-28 10:07:29 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-09 10:04:22 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-05-28 10:07:29 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-09 10:04:22 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-05-28 10:07:29 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-09 10:04:23 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-05-28 10:07:30 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-09 10:04:22 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-28 10:07:29 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-09 10:04:23 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-05-28 10:07:30 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-09 10:04:22 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-05-28 10:07:28 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-09 10:04:21 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-05-28 10:07:28 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-03 21:00:25 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
- 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2004-08-10 11:00:00 561,179 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
+ 2008-03-25 04:50:25 554,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
- 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2004-08-10 11:00:00 294,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msctf.dll
- 2004-08-10 11:00:00 512,029 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
- 2004-08-10 11:00:00 319,517 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
- 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2004-08-10 11:00:00 1,507,356 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll
- 2004-08-10 11:00:00 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
- 2004-08-10 11:00:00 53,279 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
- 2004-08-10 11:00:00 241,693 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
- 2004-08-10 11:00:00 213,023 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
- 2004-08-10 11:00:00 348,189 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2004-08-10 11:00:00 421,919 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
- 2004-08-10 11:00:00 315,423 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
- 2004-08-10 11:00:00 552,989 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
- 2004-08-10 11:00:00 258,077 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2004-08-10 11:00:00 831,519 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
- 2004-08-10 11:00:00 614,429 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll
- 2004-08-10 11:00:00 348,189 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2005-03-17 21:39:56 1,146,320 ----a-w C:\WINDOWS\SYSTEM32\FM20.DLL
+ 2007-06-06 17:53:34 1,195,888 ----a-w C:\WINDOWS\SYSTEM32\FM20.DLL
- 2003-07-15 05:57:04 32,584 ----a-w C:\WINDOWS\SYSTEM32\FM20ENU.DLL
+ 2007-03-23 02:17:04 35,440 ----a-w C:\WINDOWS\SYSTEM32\FM20ENU.DLL
- 2008-04-09 10:12:11 345,016 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-05-28 10:15:41 345,016 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil9f.exe
- 2008-02-04 20:06:18 74,649 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-11 15:24:54 74,137 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
- 2007-08-07 21:35:56 585,728 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 06:29:22 581,632 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 06:12:30 1,490,944 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\dirapiX.dll
- 2007-08-07 21:36:32 24,576 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 06:29:58 24,576 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 06:10:06 606,208 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\iml32X.dll
- 2007-08-07 21:35:22 339,968 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 06:28:48 339,968 ----a-w C:�
  • 0

#6
fenzodahl512
Posted 21 July 2008 - 02:58 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. Somehow your ComboFix log has been cut-off.. Please find it in C:\combofix.txt and attach it here.. Don't post it this time as it will be too long to fit into one post..
  • 0

#7
Stephy
Posted 21 July 2008 - 03:25 PM

Stephy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Is this what you mean?

Attached Files


  • 0

#8
fenzodahl512
Posted 21 July 2008 - 04:41 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. looks like you have run ComboFix before.. Please tell me what kinds of pop-ups do you have?,, Is it some kind of games, porn, fake antivirus, fake visa/mastercard verification?



Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\WINDOWS\system32\DRIVERS\av100s2k.sys
      C:\WINDOWS\system32\DRIVERS\av100u2k.sys
      C:\WINDOWS\Downloaded Program Files\ms40upld.ocx
      C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.22.dll
      C:\Program Files\Gamevance\gamevance32.exe
  • Click on the Upload button. You can submit only one file per entry
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



Please post all results here..


Regards
fenzodahl512

Edited by fenzodahl512, 21 July 2008 - 04:42 PM.

  • 0

#9
Stephy
Posted 21 July 2008 - 05:48 PM

Stephy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The pop-ups seem to know what I am searching for and throws up a pop-up for it. I ran a spy-ware program I don't have membership for and it found something called eXact Advertising. But, since I don't have membership I couldn't do anything with it. I don't know if that is the problem or not.
Thanks!

1)
VirSCAN.org Scanned Report :
Scanned time : 2008/07/21 16:14:54 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : av100s2k.sys
File Size : 10496 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : d81ae7e0cd835d25349a52cc9a0e96a3
SHA1 : ed54756f57668d867283a481bd963c96a0985f89
Online report : http://virscan.org/r...950488049a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.38 -
AhnLab V3 2008.07.22.00 2008.07.22 2008-07-22 0.83 -
AntiVir 7.8.1.11 7.0.5.146 2008-07-21 2.08 -
Arcavir 1.0.4 200807151947 2008-07-15 1.17 -
AVAST! 3.0.1 080721-0 2008-07-21 0.00 -
AVG 7.5.51.442 270.5.3/1565 2008-07-21 1.45 -
BitDefender 7.60825.1382390 7.20132 2008-07-22 2.55 -
CA (VET) 9.0.0.143 31.6.5971 2008-07-21 0.66 -
ClamAV 0.93.3 7771 2008-07-22 0.01 -
Comodo 2.11 2.0.0.592 2008-07-21 0.43 -
CP Secure 1.1.0.715 2008.07.22 2008-07-22 5.86 -
Dr.Web 4.44.0.9170 2008.07.21 2008-07-21 2.98 -
ewido 4.0.0.2 2008.07.21 2008-07-21 2.25 -
F-Prot 4.4.4.56 20080721 2008-07-21 0.94 -
F-Secure 5.51.6100 2008.07.21.06 2008-07-21 2.72 -
Fortinet 2.81-3.11 9.342 2008-07-22 1.61 -
ViRobot 20080721 2008.07.21 2008-07-21 0.41 -
Ikarus T3.1.01.34 2008.07.21.71134 2008-07-21 3.17 -
JiangMin 11.0.706 2008.07.21 2008-07-21 1.12 -
Kaspersky 5.5.10 2008.07.21 2008-07-21 0.03 -
KingSoft 2008.1.14.15 2008.7.21.17 2008-07-21 0.64 -
McAfee 5.2.00 5342 2008-07-18 2.05 -
Microsoft 1.3704 2008.07.21 2008-07-21 4.47 -
mks_vir 2.01 2008.07.21 2008-07-21 2.50 -
Norman 5.93.01 5.93.00 2008-07-21 4.43 -
Panda 9.05.01 2008.07.21 2008-07-21 2.21 -
Trend Micro 8.700-1004 5.420.10 2008-07-21 0.02 -
Quick Heal 9.50 2008.07.15 2008-07-15 1.59 -
Rising 20.0 20.54.02.00 2008-07-21 0.75 -
Sophos 2.75.4 4.31 2008-07-22 1.88 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.40 -
Symantec 1.3.0.24 20080721.003 2008-07-21 0.25 -
nProtect 2008-07-21.00 1695598 2008-07-21 3.10 -
The Hacker 6.2.96 v00385 2008-07-19 0.39 -
VBA32 3.12.8.1 20080721.0843 2008-07-21 1.07 -
VirusBuster 4.5.11.10 10.82.12/595718 2008-07-15 0.80 -



2)same as 1




3)VirSCAN.org Scanned Report :
Scanned time : 2008/07/21 16:33:30 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : ms40upld.ocx
File Size : 312384 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 39a760aea1227f105cd6034a98f8a4eb
SHA1 : 644ddc47cc597b6d7763189e92e656467a3e9937
Online report : http://virscan.org/r...9b0c8bceb1.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.59 -
AhnLab V3 2008.07.22.00 2008.07.22 2008-07-22 0.84 -
AntiVir 7.8.1.11 7.0.5.146 2008-07-21 2.12 -
Arcavir 1.0.4 200807151947 2008-07-15 1.18 -
AVAST! 3.0.1 080721-0 2008-07-21 0.65 -
AVG 7.5.51.442 270.5.3/1565 2008-07-21 1.47 -
BitDefender 7.60825.1382391 7.20133 2008-07-22 2.56 -
CA (VET) 9.0.0.143 31.6.5971 2008-07-21 0.64 -
ClamAV 0.93.3 7771 2008-07-22 0.07 -
Comodo 2.11 2.0.0.592 2008-07-21 0.43 -
CP Secure 1.1.0.715 2008.07.22 2008-07-22 5.92 -
Dr.Web 4.44.0.9170 2008.07.21 2008-07-21 3.03 -
ewido 4.0.0.2 2008.07.21 2008-07-21 2.32 -
F-Prot 4.4.4.56 20080721 2008-07-21 0.96 -
F-Secure 5.51.6100 2008.07.21.06 2008-07-21 2.75 -
Fortinet 2.81-3.11 9.342 2008-07-22 1.61 -
ViRobot 20080721 2008.07.21 2008-07-21 0.40 -
Ikarus T3.1.01.34 2008.07.21.71135 2008-07-21 3.28 -
JiangMin 11.0.706 2008.07.21 2008-07-21 1.14 -
Kaspersky 5.5.10 2008.07.21 2008-07-21 0.04 -
KingSoft 2008.1.14.15 2008.7.21.17 2008-07-21 0.74 -
McAfee 5.2.00 5343 2008-07-21 2.03 -
Microsoft 1.3704 2008.07.21 2008-07-21 4.45 -
mks_vir 2.01 2008.07.21 2008-07-21 2.45 -
Norman 5.93.01 5.93.00 2008-07-21 4.45 -
Panda 9.05.01 2008.07.21 2008-07-21 1.97 -
Trend Micro 8.700-1004 5.420.10 2008-07-21 0.03 -
Quick Heal 9.50 2008.07.15 2008-07-15 1.65 -
Rising 20.0 20.54.02.00 2008-07-21 0.74 -
Sophos 2.75.4 4.31 2008-07-22 1.84 -
Sunbelt 3.1.1536.1 2156 2008-07-18 1.12 -
Symantec 1.3.0.24 20080721.003 2008-07-21 0.07 -
nProtect 2008-07-21.00 1695598 2008-07-21 3.37 -
The Hacker 6.2.96 v00385 2008-07-19 0.39 -
VBA32 3.12.8.1 20080721.0843 2008-07-21 1.18 -
VirusBuster 4.5.11.10 10.82.12/595718 2008-07-15 1.55 -

4)VirSCAN.org Scanned Report :
Scanned time : 2008/07/21 16:45:14 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : Sweetopia.1.0.0.22.dll
File Size : 1877608 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 04d47b0bf0c607096e7d13562f8cb35c
SHA1 : a11e71697415eec8f653f974ed13e5cdde1b470d
Online report : http://virscan.org/r...79d026545c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.34 -
AhnLab V3 2008.07.22.00 2008.07.22 2008-07-22 0.83 -
AntiVir 7.8.1.11 7.0.5.146 2008-07-21 2.27 -
Arcavir 1.0.4 200807151947 2008-07-15 2.04 -
AVAST! 3.0.1 080721-0 2008-07-21 0.06 -
AVG 7.5.51.442 270.5.3/1565 2008-07-21 4.34 -
BitDefender 7.60825.1382391 7.20133 2008-07-22 2.55 -
CA (VET) 9.0.0.143 31.6.5971 2008-07-21 1.10 -
ClamAV 0.93.3 7771 2008-07-22 0.62 -
Comodo 2.11 2.0.0.592 2008-07-21 0.48 -
CP Secure 1.1.0.715 2008.07.22 2008-07-22 6.28 -
Dr.Web 4.44.0.9170 2008.07.21 2008-07-21 4.75 -
ewido 4.0.0.2 2008.07.21 2008-07-21 2.42 -
F-Prot 4.4.4.56 20080721 2008-07-21 1.00 -
F-Secure 5.51.6100 2008.07.21.06 2008-07-21 3.65 -
Fortinet 2.81-3.11 9.342 2008-07-22 1.85 -
ViRobot 20080721 2008.07.21 2008-07-21 0.40 -
Ikarus T3.1.01.34 2008.07.21.71135 2008-07-21 3.32 -
JiangMin 11.0.706 2008.07.21 2008-07-21 1.12 -
Kaspersky 5.5.10 2008.07.21 2008-07-21 0.58 -
KingSoft 2008.1.14.15 2008.7.21.17 2008-07-21 0.62 -
McAfee 5.2.00 5343 2008-07-21 1.99 -
Microsoft 1.3704 2008.07.21 2008-07-21 4.44 -
mks_vir 2.01 2008.07.21 2008-07-21 2.62 -
Norman 5.93.01 5.93.00 2008-07-21 4.58 -
Panda 9.05.01 2008.07.21 2008-07-21 2.04 -
Trend Micro 8.700-1004 5.420.10 2008-07-21 0.03 -
Quick Heal 9.50 2008.07.15 2008-07-15 1.96 -
Rising 20.0 20.54.02.00 2008-07-21 0.73 -
Sophos 2.75.4 4.31 2008-07-22 1.83 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.54 -
Symantec 1.3.0.24 20080721.003 2008-07-21 0.07 -
nProtect 2008-07-21.00 1695598 2008-07-21 3.14 -
The Hacker 6.2.96 v00385 2008-07-19 0.39 -
VBA32 3.12.8.1 20080721.0843 2008-07-21 1.18 -
VirusBuster 4.5.11.10 10.82.12/595718 2008-07-15 2.42 -




5)VirSCAN.org Scanned Report :
Scanned time : 2008/07/21 16:28:19 (PDT)
Scanner results: 6% Scanner(2/36) found malware!
File Name : gamevance32.exe
File Size : 79360 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : da1b4d7dd1da5966304ad8ee4fe2766a
SHA1 : c77a50c055780ada25b3eada605e8c65bd74be74
Online report : http://virscan.org/r...a96bb60607.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.35 -
AhnLab V3 2008.07.22.00 2008.07.22 2008-07-22 0.82 -
AntiVir 7.8.1.11 7.0.5.146 2008-07-21 2.13 -
Arcavir 1.0.4 200807151947 2008-07-15 1.17 -
AVAST! 3.0.1 080721-0 2008-07-21 0.64 -
AVG 7.5.51.442 270.5.3/1565 2008-07-21 1.46 -
BitDefender 7.60825.1382391 7.20133 2008-07-22 2.56 -
CA (VET) 9.0.0.143 31.6.5971 2008-07-21 0.85 -
ClamAV 0.93.3 7771 2008-07-22 0.02 -
Comodo 2.11 2.0.0.592 2008-07-21 0.42 -
CP Secure 1.1.0.715 2008.07.22 2008-07-22 5.93 -
Dr.Web 4.44.0.9170 2008.07.21 2008-07-21 3.04 -
ewido 4.0.0.2 2008.07.21 2008-07-21 2.25 -
F-Prot 4.4.4.56 20080721 2008-07-21 1.00 -
F-Secure 5.51.6100 2008.07.21.06 2008-07-21 2.73 -
Fortinet 2.81-3.11 9.342 2008-07-22 1.63 -
ViRobot 20080721 2008.07.21 2008-07-21 0.40 -
Ikarus T3.1.01.34 2008.07.21.71135 2008-07-21 3.18 -
JiangMin 11.0.706 2008.07.21 2008-07-21 1.10 -
Kaspersky 5.5.10 2008.07.21 2008-07-21 0.04 -
KingSoft 2008.1.14.15 2008.7.21.17 2008-07-21 0.68 -
McAfee 5.2.00 5343 2008-07-21 2.02 -
Microsoft 1.3704 2008.07.21 2008-07-21 4.45 -
mks_vir 2.01 2008.07.21 2008-07-21 2.49 -
Norman 5.93.01 5.93.00 2008-07-21 4.41 -
Panda 9.05.01 2008.07.21 2008-07-21 1.97 -
Trend Micro 8.700-1004 5.420.10 2008-07-21 0.02 WORM_STRAT.GEN-3
Quick Heal 9.50 2008.07.15 2008-07-15 1.56 Worm.Strat.gen
Rising 20.0 20.54.02.00 2008-07-21 0.77 -
Sophos 2.75.4 4.31 2008-07-22 1.83 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.40 -
Symantec 1.3.0.24 20080721.003 2008-07-21 0.08 -
nProtect 2008-07-21.00 1695598 2008-07-21 3.17 -
The Hacker 6.2.96 v00385 2008-07-19 0.39 -
VBA32 3.12.8.1 20080721.0843 2008-07-21 1.18 -
VirusBuster 4.5.11.10 10.82.12/595718 2008-07-15 0.85 -
  • 0

#10
fenzodahl512
Posted 21 July 2008 - 08:07 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Tell me, do you play Gamevance games?


Lets do this...


Please download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.




NEXT



Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please post the following logs in your next reply.. Please post each log in separate post..

1. SUPERAntiSpyware
2. Malwarebytes'
3. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512
  • 0

#11
fenzodahl512
Posted 27 July 2008 - 12:34 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP