
Help! I HAD the red circle with white X, Red circle [RESOLVED]


  • This topic is locked

#31
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

Also, it seems as if the same issues are coming up. Is this because I haven't deleted them yet out of quarantine? Should I delete them now?

No, the SUPERAntiSpyware scan cleared away remnants and infected items already safely quarantined, as well as infected items in the restore points. The Kaspersky scan also found infected items already safely quarantined and infected items in the restore points. The Kaspersky scan did, however, find 5 infected files, which we will clear away now.

We will flush your restore points at the end of the fix.


Delete the version of ComboFix you have and download a new version from the same links, and then:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
"C:\Documents and Settings\Keisha Davis\My Documents\		 .htm"
C:\updaterInstall_102.exe
C:\WINDOWS\gsi.exe
C:\WINDOWS\SYSTEM32\MyExplore.exe
C:\WINDOWS\SYSTEM32\WinExplore.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

And a new HijackThis log, please.

andrewuk
  • 0


#32
CorporateKD

    Member

  • Topic Starter
  • 33 posts
Andrewuk:

I have run ComboFix and HJT again. Part 1 of my ComboFix log is below! My Part 2 of the ComboFix log and the HJT log will be in my next 2 posts. Thank you so much for all of your help on this! :)

ComboFix 08-12-09.03 - Keisha Davis 2008-12-10 17:32:55.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.653 [GMT -5:00]
Running from: c:\documents and settings\Keisha Davis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Keisha Davis\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\documents and settings\Keisha Davis\My Documents\ .htm"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-08 18:24 . 2008-12-08 18:24 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2008-12-08 18:23 . 2008-12-08 18:23 208 --a------ c:\windows\HpBestModeUpdatePatchLog.ini
2008-12-08 16:36 . 2008-12-08 16:36 <DIR> d-------- c:\program files\Common Files\HP
2008-12-08 16:35 . 2004-10-07 20:16 35,840 --a------ c:\windows\SYSTEM32\DRIVERS\AFS2K.SYS
2008-12-08 16:25 . 2003-08-11 03:07 34,468 --------- c:\windows\hpomdl03.dat
2008-12-08 16:25 . 2008-12-08 17:36 28,947 --a------ c:\windows\hpoins03.dat
2008-12-08 14:46 . 2008-12-08 14:46 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-12-08 14:46 . 2008-12-08 14:46 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 14:01 . 2008-12-08 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2008-12-08 14:00 . 2008-12-08 14:00 61,224 --a------ c:\documents and settings\Keisha Davis\GoToAssistDownloadHelper.exe
2008-12-07 23:35 . 2008-12-07 23:35 <DIR> d-------- c:\program files\Alwil Software
2008-12-07 22:56 . 2008-12-07 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 22:55 . 2008-12-08 01:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-07 22:55 . 2008-12-07 22:55 <DIR> d-------- c:\documents and settings\Keisha Davis\Application Data\SUPERAntiSpyware.com
2008-12-07 22:54 . 2008-12-07 22:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-07 22:44 . 2003-08-11 03:07 278,528 --a------ c:\windows\SYSTEM32\hpdj
2008-12-07 18:05 . 2008-04-13 19:12 69,120 --------- c:\windows\SYSTEM32\wlanapi.dll
2008-12-07 18:04 . 2008-04-13 19:12 291,328 --------- c:\windows\SYSTEM32\qagentrt.dll
2008-12-07 18:04 . 2008-04-13 19:12 290,304 --------- c:\windows\SYSTEM32\rhttpaa.dll
2008-12-07 18:04 . 2008-04-13 19:12 150,528 --------- c:\windows\SYSTEM32\qagent.dll
2008-12-07 18:04 . 2008-04-13 19:12 144,384 --------- c:\windows\SYSTEM32\onex.dll
2008-12-07 18:04 . 2008-04-13 19:12 76,800 --------- c:\windows\SYSTEM32\qutil.dll
2008-12-07 18:04 . 2008-04-13 19:12 62,464 --------- c:\windows\SYSTEM32\qcliprov.dll
2008-12-07 18:04 . 2008-04-13 19:12 61,952 --------- c:\windows\SYSTEM32\rasqec.dll
2008-12-07 18:04 . 2008-04-13 19:12 53,248 --------- c:\windows\SYSTEM32\tsgqec.dll
2008-12-07 18:04 . 2008-04-13 19:12 50,688 --------- c:\windows\SYSTEM32\tspkg.dll
2008-12-07 18:04 . 2008-04-13 19:12 32,768 --------- c:\windows\SYSTEM32\setupn.exe
2008-12-07 18:04 . 2008-04-13 13:40 10,240 --------- c:\windows\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-12-07 18:02 . 2008-04-13 19:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2008-12-07 18:02 . 2008-04-13 19:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2008-12-07 18:02 . 2008-04-13 19:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll
2008-12-07 16:56 . 2008-12-07 16:56 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2008-12-07 16:55 . 2008-12-07 16:55 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-07 16:54 . 2008-12-07 16:55 <DIR> d-------- C:\5325c27c11806dc08f3bab9c
2008-12-07 16:54 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll
2008-12-07 16:54 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll
2008-12-07 16:54 . 2008-07-06 05:50 597,504 --------- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe
2008-12-07 16:54 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll
2008-12-07 16:54 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll
2008-12-07 16:54 . 2008-07-06 07:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll
2008-12-07 16:54 . 2008-07-06 07:06 89,088 --------- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll
2008-12-07 16:53 . 2008-12-07 19:01 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-04 09:00 . 2008-12-04 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-04 08:31 . 2008-12-04 08:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-02 21:08 . 2008-11-10 03:39 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-02 20:24 . 2006-10-26 19:56 32,592 --a------ c:\windows\SYSTEM32\msonpmon.dll
2008-12-02 20:22 . 2008-12-07 16:55 <DIR> d-------- c:\program files\MSBuild
2008-12-02 20:17 . 2008-12-02 20:17 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-27 09:13 . 2008-11-27 09:14 <DIR> d-------- c:\documents and settings\Keisha Davis\.SunDownloadManager
2008-11-27 08:48 . 2008-11-27 08:48 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-27 08:42 . 2008-11-27 09:24 <DIR> d-------- c:\program files\NOS
2008-11-27 08:42 . 2008-11-27 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-26 16:16 . 2008-11-10 05:43 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-25 15:23 . 2008-11-25 15:23 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 01:17 . 2008-12-07 19:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\documents and settings\Keisha Davis\Application Data\Malwarebytes
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 01:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-25 01:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-12 22:14 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 23:27 --------- d-----w c:\program files\Overland
2008-12-08 19:00 --------- d-----w c:\program files\Citrix
2008-12-08 13:49 --------- d-----w c:\program files\Common Files\tsa
2008-12-08 13:43 --------- d-----w c:\program files\altpayV2
2008-12-08 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\Mail Mp3 Flaw 64
2008-12-08 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-12-08 04:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 04:17 --------- d-----w c:\program files\EPSON
2008-12-08 00:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-08 00:31 --------- d-----w c:\program files\Java
2008-12-08 00:23 5,896 ----a-w c:\windows\SYSTEM32\PerfStringBackup.TMP
2008-12-08 00:17 --------- d-----w c:\program files\Yahoo!
2008-12-07 00:37 --------- d-----w c:\program files\CheckPoint
2008-12-07 00:35 --------- d-----w c:\program files\BitZipper
2008-12-07 00:34 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\BitZipper
2008-11-27 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-30 03:30 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-17 07:08 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 14:04 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\webex
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-10-14 11:45 --------- d-----w c:\program files\HP
2008-10-13 20:13 --------- d-----w c:\program files\iTunes
2008-10-13 20:13 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-13 20:12 --------- d-----w c:\program files\iPod
2008-10-12 00:23 --------- d--h--w c:\documents and settings\Keisha Davis\Application Data\GTek
2008-10-12 00:23 --------- d--h--w c:\documents and settings\Guest\Application Data\Gtek
2008-10-12 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2008-10-12 00:19 --------- d-----w c:\program files\Dell Support Center
2008-10-12 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-10-11 23:20 --------- d-----w c:\program files\FreeFixer
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-02-06 05:38 54,752 ----a-w c:\documents and settings\Keisha Davis\Application Data\GDIPFONTCACHEV1.DAT
2006-11-27 00:10 46,760 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-05-31 00:15 1,917 ----a-w c:\program files\Installed Items.lnk
2004-08-30 15:28 39 ----a-w c:\documents and settings\Keisha Davis\Application Data\tvmcwrd.dll
2003-10-10 06:01 1,842,680 ---ha-w c:\documents and settings\Keisha Davis\kyf.dat
.

((((((((((((((((((((((((((((( snapshot_2008-12-08_12.32.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-08 21:40:55 45,056 ----a-w c:\windows\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll
+ 2008-12-08 21:37:59 28,672 ----a-w c:\windows\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll
+ 2008-12-08 21:42:55 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_cs_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_da_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:52 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_de_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 6,144 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_el_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:52 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_en_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:53 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_es_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_fi_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:53 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_fr_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_hu_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:53 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_it_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:53 5,632 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_ja_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:52 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_ko_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_nl_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_no_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_pl_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:53 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_pt_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 6,144 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_ru_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:54 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_sv_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:55 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_tr_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:55 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_zh-CHS_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:55 5,120 ----a-w c:\windows\assembly\GAC\hpodmres.resources\3.0.0.0_zh-CHT_a53cf5803f4c3827\hpodmres.resources.dll
+ 2008-12-08 21:42:52 610,304 ----a-w c:\windows\assembly\GAC\hpodmres\3.0.0.0__a53cf5803f4c3827\hpodmres.dll
+ 2008-12-08 21:42:51 81,920 ----a-w c:\windows\assembly\GAC\hpodmtab\3.0.0.0__a53cf5803f4c3827\hpodmtab.dll
+ 2008-12-08 21:37:55 24,576 ----a-w c:\windows\assembly\GAC\hpqalb\3.0.0.0__a53cf5803f4c3827\hpqalb.dll
+ 2008-12-08 21:37:55 24,576 ----a-w c:\windows\assembly\GAC\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
+ 2008-12-08 21:38:25 32,768 ----a-w c:\windows\assembly\GAC\hpqbpk10\3.0.0.0__a53cf5803f4c3827\hpqbpk10.dll
+ 2008-12-08 21:37:54 11,264 ----a-w c:\windows\assembly\GAC\hpqccrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqccrsc.resources.dll
+ 2008-12-08 21:37:54 155,648 ----a-w c:\windows\assembly\GAC\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
+ 2008-12-08 21:37:54 176,128 ----a-w c:\windows\assembly\GAC\hpqcmctl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcmctl.resources.dll
+ 2008-12-08 21:37:54 434,176 ----a-w c:\windows\assembly\GAC\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
+ 2008-12-08 21:41:49 24,576 ----a-w c:\windows\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll
+ 2008-12-08 21:41:50 5,632 ----a-w c:\windows\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
+ 2008-12-08 21:41:50 139,264 ----a-w c:\windows\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
+ 2008-12-08 21:38:23 28,672 ----a-w c:\windows\assembly\GAC\hpqcsc\3.0.0.0__a53cf5803f4c3827\hpqcsc.dll
+ 2008-12-08 21:38:25 20,480 ----a-w c:\windows\assembly\GAC\hpqdmbpk\3.0.0.0__a53cf5803f4c3827\hpqdmbpk.dll
+ 2008-12-08 21:38:25 36,864 ----a-w c:\windows\assembly\GAC\hpqdmpgl\3.0.0.0__a53cf5803f4c3827\hpqdmpgl.dll
+ 2008-12-08 21:38:29 57,344 ----a-w c:\windows\assembly\GAC\hpqdtmdl\3.0.0.0__a53cf5803f4c3827\hpqdtmdl.dll
+ 2008-12-08 21:38:25 28,672 ----a-w c:\windows\assembly\GAC\hpqfddc\3.0.0.0__a53cf5803f4c3827\hpqfddc.dll
+ 2008-12-08 21:38:26 20,480 ----a-w c:\windows\assembly\GAC\hpqfdl10\3.0.0.0__a53cf5803f4c3827\hpqfdl10.dll
+ 2008-12-08 21:37:55 5,632 ----a-w c:\windows\assembly\GAC\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
+ 2008-12-08 21:37:55 24,576 ----a-w c:\windows\assembly\GAC\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
+ 2008-12-08 21:37:56 86,016 ----a-w c:\windows\assembly\GAC\hpqgldlg.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgldlg.resources.dll
+ 2008-12-08 21:37:56 118,784 ----a-w c:\windows\assembly\GAC\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
+ 2008-12-08 21:37:56 24,576 ----a-w c:\windows\assembly\GAC\hpqglutl\3.0.0.0__a53cf5803f4c3827\hpqglutl.dll
+ 2008-12-08 21:41:50 6,144 ----a-w c:\windows\assembly\GAC\hpqgprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgprsc.resources.dll
+ 2008-12-08 21:41:50 28,672 ----a-w c:\windows\assembly\GAC\hpqgprsc\3.0.0.0__a53cf5803f4c3827\hpqgprsc.dll
+ 2008-12-08 21:41:51 61,440 ----a-w c:\windows\assembly\GAC\hpqgrobj\3.0.0.0__a53cf5803f4c3827\hpqgrobj.dll
+ 2008-12-08 21:37:57 61,440 ----a-w c:\windows\assembly\GAC\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
+ 2008-12-08 21:41:52 94,208 ----a-w c:\windows\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgtpin.resources.dll
+ 2008-12-08 21:41:51 184,320 ----a-w c:\windows\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll
+ 2008-12-08 21:38:16 73,728 ----a-w c:\windows\assembly\GAC\hpqieshl\3.0.0.0__a53cf5803f4c3827\hpqieshl.dll
+ 2008-12-08 21:38:16 9,728 ----a-w c:\windows\assembly\GAC\hpqieshr.resources\3.0.0.0_en_a53cf5803f4c3827\hpqieshr.resources.dll
+ 2008-12-08 21:38:16 28,672 ----a-w c:\windows\assembly\GAC\hpqieshr\3.0.0.0__a53cf5803f4c3827\hpqieshr.dll
+ 2008-12-08 21:38:17 176,128 ----a-w c:\windows\assembly\GAC\hpqieshu.resources\3.0.0.0_en_a53cf5803f4c3827\hpqieshu.resources.dll
+ 2008-12-08 21:38:16 282,624 ----a-w c:\windows\assembly\GAC\hpqieshu\3.0.0.0__a53cf5803f4c3827\hpqieshu.dll
+ 2008-12-08 21:38:17 110,592 ----a-w c:\windows\assembly\GAC\hpqiesil\3.0.0.0__a53cf5803f4c3827\hpqiesil.dll
+ 2008-12-08 21:38:18 11,264 ----a-w c:\windows\assembly\GAC\hpqiesir.resources\3.0.0.0_en_a53cf5803f4c3827\hpqiesir.resources.dll
+ 2008-12-08 21:38:17 61,440 ----a-w c:\windows\assembly\GAC\hpqiesir\3.0.0.0__a53cf5803f4c3827\hpqiesir.dll
+ 2008-12-08 21:38:18 512,000 ----a-w c:\windows\assembly\GAC\hpqiesiu.resources\3.0.0.0_en_a53cf5803f4c3827\hpqiesiu.resources.dll
+ 2008-12-08 21:38:18 749,568 ----a-w c:\windows\assembly\GAC\hpqiesiu\3.0.0.0__a53cf5803f4c3827\hpqiesiu.dll
+ 2008-12-08 21:38:20 28,672 ----a-w c:\windows\assembly\GAC\hpqievil\3.0.0.0__a53cf5803f4c3827\hpqievil.dll
+ 2008-12-08 21:38:21 6,144 ----a-w c:\windows\assembly\GAC\hpqievir.resources\3.0.0.0_en_a53cf5803f4c3827\hpqievir.resources.dll
+ 2008-12-08 21:38:20 20,480 ----a-w c:\windows\assembly\GAC\hpqievir\3.0.0.0__a53cf5803f4c3827\hpqievir.dll
+ 2008-12-08 21:38:21 57,344 ----a-w c:\windows\assembly\GAC\hpqieviu.resources\3.0.0.0_en_a53cf5803f4c3827\hpqieviu.resources.dll
+ 2008-12-08 21:38:21 86,016 ----a-w c:\windows\assembly\GAC\hpqieviu\3.0.0.0__a53cf5803f4c3827\hpqieviu.dll
+ 2008-12-08 21:37:56 16,384 ----a-w c:\windows\assembly\GAC\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
+ 2008-12-08 21:37:56 114,688 ----a-w c:\windows\assembly\GAC\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
+ 2008-12-08 21:40:56 32,768 ----a-w c:\windows\assembly\GAC\hpqisrtb\3.1.0.0__a53cf5803f4c3827\hpqisrtb.dll
+ 2008-12-08 21:40:56 184,320 ----a-w c:\windows\assembly\GAC\hpqistab\3.1.0.0__a53cf5803f4c3827\hpqistab.dll
+ 2008-12-08 21:38:26 24,576 ----a-w c:\windows\assembly\GAC\hpqlpomc\3.0.0.0__a53cf5803f4c3827\hpqlpomc.dll
+ 2008-12-08 21:38:26 16,384 ----a-w c:\windows\assembly\GAC\hpqls\3.0.0.0__a53cf5803f4c3827\hpqls.dll
+ 2008-12-08 21:38:10 45,056 ----a-w c:\windows\assembly\GAC\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
+ 2008-12-08 21:38:10 36,864 ----a-w c:\windows\assembly\GAC\hpqmpvad\3.0.0.0__a53cf5803f4c3827\hpqmpvad.dll
+ 2008-12-08 21:38:13 45,056 ----a-w c:\windows\assembly\GAC\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
+ 2008-12-08 21:38:23 20,480 ----a-w c:\windows\assembly\GAC\hpqpaac\3.0.0.0__a53cf5803f4c3827\hpqpaac.dll
+ 2008-12-08 21:38:26 4,608 ----a-w c:\windows\assembly\GAC\hpqpdrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpdrsc.resources.dll
+ 2008-12-08 21:38:26 24,576 ----a-w c:\windows\assembly\GAC\hpqpdrsc\3.0.0.0__a53cf5803f4c3827\hpqpdrsc.dll
+ 2008-12-08 21:38:27 20,480 ----a-w c:\windows\assembly\GAC\hpqpec10\3.0.0.0__a53cf5803f4c3827\hpqpec10.dll
+ 2008-12-08 21:38:27 40,960 ----a-w c:\windows\assembly\GAC\hpqpel10.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpel10.resources.dll
+ 2008-12-08 21:38:27 86,016 ----a-w c:\windows\assembly\GAC\hpqpel10\3.0.0.0__a53cf5803f4c3827\hpqpel10.dll
+ 2008-12-08 21:38:27 24,576 ----a-w c:\windows\assembly\GAC\hpqpepmc\3.0.0.0__a53cf5803f4c3827\hpqpepmc.dll
+ 2008-12-08 21:38:27 16,384 ----a-w c:\windows\assembly\GAC\hpqpesbc\3.0.0.0__a53cf5803f4c3827\hpqpesbc.dll
+ 2008-12-08 21:38:27 20,480 ----a-w c:\windows\assembly\GAC\hpqpimc\3.0.0.0__a53cf5803f4c3827\hpqpimc.dll
+ 2008-12-08 21:38:19 8,704 ----a-w c:\windows\assembly\GAC\hpqpitrc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpitrc.resources.dll
+ 2008-12-08 21:38:19 28,672 ----a-w c:\windows\assembly\GAC\hpqpitrc\3.0.0.0__a53cf5803f4c3827\hpqpitrc.dll
+ 2008-12-08 21:38:28 32,768 ----a-w c:\windows\assembly\GAC\hpqprdlg.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprdlg.resources.dll
+ 2008-12-08 21:38:27 45,056 ----a-w c:\windows\assembly\GAC\hpqprdlg\3.0.0.0__a53cf5803f4c3827\hpqprdlg.dll
+ 2008-12-08 21:41:52 315,392 ----a-w c:\windows\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll
+ 2008-12-08 21:38:28 57,344 ----a-w c:\windows\assembly\GAC\hpqprtsv\3.0.0.0__a53cf5803f4c3827\hpqprtsv.dll
+ 2008-12-08 21:38:28 110,592 ----a-w c:\windows\assembly\GAC\hpqprtui.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprtui.resources.dll
+ 2008-12-08 21:38:28 176,128 ----a-w c:\windows\assembly\GAC\hpqprtui\3.0.0.0__a53cf5803f4c3827\hpqprtui.dll
+ 2008-12-08 21:38:28 4,096 ----a-w c:\windows\assembly\GAC\hpqpsrac.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpsrac.resources.dll
+ 2008-12-08 21:38:28 24,576 ----a-w c:\windows\assembly\GAC\hpqpsrac\3.0.0.0__a53cf5803f4c3827\hpqpsrac.dll
+ 2008-12-08 21:38:11 16,384 ----a-w c:\windows\assembly\GAC\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
+ 2008-12-08 21:38:28 28,672 ----a-w c:\windows\assembly\GAC\hpqptl10\3.0.0.0__a53cf5803f4c3827\hpqptl10.dll
+ 2008-12-08 21:38:29 4,608 ----a-w c:\windows\assembly\GAC\hpqpuirc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpuirc.resources.dll
+ 2008-12-08 21:38:28 24,576 ----a-w c:\windows\assembly\GAC\hpqpuirc\3.0.0.0__a53cf5803f4c3827\hpqpuirc.dll
+ 2008-12-08 21:38:24 81,920 ----a-w c:\windows\assembly\GAC\hpqqpc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqqpc.resources.dll
+ 2008-12-08 21:38:24 143,360 ----a-w c:\windows\assembly\GAC\hpqqpc\3.0.0.0__a53cf5803f4c3827\hpqqpc.dll
+ 2008-12-08 21:38:14 57,344 ----a-w c:\windows\assembly\GAC\hpqshfop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqshfop.resources.dll
+ 2008-12-08 21:38:14 77,824 ----a-w c:\windows\assembly\GAC\hpqshfop\3.0.0.0__a53cf5803f4c3827\hpqshfop.dll
+ 2008-12-08 21:38:15 16,384 ----a-w c:\windows\assembly\GAC\hpqsndto\3.0.0.0__a53cf5803f4c3827\hpqsndto.dll
+ 2008-12-08 21:37:57 4,096 ----a-w c:\windows\assembly\GAC\hpqthrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqthrsc.resources.dll
+ 2008-12-08 21:37:57 28,672 ----a-w c:\windows\assembly\GAC\hpqthrsc\3.0.0.0__a53cf5803f4c3827\hpqthrsc.dll
+ 2008-12-08 21:37:57 40,960 ----a-w c:\windows\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
+ 2008-12-08 21:37:57 61,440 ----a-w c:\windows\assembly\GAC\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
+ 2008-12-08 21:37:57 106,496 ----a-w c:\windows\assembly\GAC\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
+ 2008-12-08 21:37:55 69,632 ----a-w c:\windows\assembly\GAC\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
+ 2008-12-08 21:38:24 36,864 ----a-w c:\windows\assembly\GAC\hpqvec\3.0.0.0__a53cf5803f4c3827\hpqvec.dll
+ 2008-12-08 21:38:29 32,768 ----a-w c:\windows\assembly\GAC\hpqw32pr\3.0.0.0__a53cf5803f4c3827\hpqw32pr.dll
+ 2008-12-08 21:38:20 24,576 ----a-w c:\windows\assembly\GAC\hpqwpsz\3.0.0.0__a53cf5803f4c3827\hpqwpsz.dll
+ 2008-12-08 21:37:58 32,768 ----a-w c:\windows\assembly\GAC\Interop.hpdarc\1.7.1.0__a53cf5803f4c3827\Interop.hpdarc.dll
+ 2008-12-08 21:37:58 90,112 ----a-w c:\windows\assembly\GAC\Interop.hpocxi08\3.0.0.0__a53cf5803f4c3827\Interop.hpocxi08.dll
+ 2008-12-08 21:37:59 24,576 ----a-w c:\windows\assembly\GAC\interop.hpodae\2.0.468.1596__a53cf5803f4c3827\interop.hpodae.dll
+ 2008-12-08 21:37:59 53,248 ----a-w c:\windows\assembly\GAC\interop.hpodai\2.0.468.1596__a53cf5803f4c3827\interop.hpodai.dll
+ 2008-12-08 21:37:59 12,800 ----a-w c:\windows\assembly\GAC\interop.hpodaud\2.0.468.1596__a53cf5803f4c3827\interop.hpodaud.dll
+ 2008-12-08 21:37:58 86,016 ----a-w c:\windows\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll
+ 2008-12-08 21:37:58 10,240 ----a-w c:\windows\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll
+ 2008-12-08 21:37:58 159,744 ----a-w c:\windows\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll
+ 2008-12-08 21:37:59 15,360 ----a-w c:\windows\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll
+ 2008-12-08 21:37:59 6,656 ----a-w c:\windows\assembly\GAC\interop.hpodmp\2.0.468.1596__a53cf5803f4c3827\interop.hpodmp.dll
+ 2008-12-08 21:37:59 7,680 ----a-w c:\windows\assembly\GAC\interop.hpodmpv\2.0.468.1596__a53cf5803f4c3827\interop.hpodmpv.dll
+ 2008-12-08 21:37:59 12,800 ----a-w c:\windows\assembly\GAC\interop.hpodmpv_md\2.0.468.1596__a53cf5803f4c3827\interop.hpodmpv_md.dll
+ 2008-12-08 21:37:59 13,312 ----a-w c:\windows\assembly\GAC\interop.hpodtrk\2.0.468.1596__a53cf5803f4c3827\interop.hpodtrk.dll
+ 2008-12-08 21:38:00 13,312 ----a-w c:\windows\assembly\GAC\interop.hpodvid\2.0.468.1596__a53cf5803f4c3827\interop.hpodvid.dll
+ 2008-12-08 21:38:00 15,872 ----a-w c:\windows\assembly\GAC\interop.hpodxmlutil\2.0.468.1596__a53cf5803f4c3827\interop.hpodxmlutil.dll
+ 2008-12-08 21:37:58 5,632 ----a-w c:\windows\assembly\GAC\interop.hpqcldat\1.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll
+ 2008-12-08 21:37:58 36,864 ----a-w c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
+ 2008-12-08 21:37:59 10,240 ----a-w c:\windows\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
+ 2008-12-08 21:40:56 18,944 ----a-w c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2008-12-08 21:40:56 126,976 ----a-w c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll
+ 2008-12-08 21:38:06 81,920 ----a-w c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.66__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
+ 2008-12-08 21:38:07 90,112 ----a-w c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.66__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2008-12-08 21:38:06 69,632 ----a-w c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Ocr\13.0.0.35__9cf889f53ea9b907\LEAD.Drawing.Imaging.Ocr.dll
+ 2008-12-08 21:38:06 102,400 ----a-w c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.66__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll
+ 2008-12-08 21:38:07 81,920 ----a-w c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.66__9cf889f53ea9b907\LEAD.Drawing.dll
+ 2008-12-08 21:38:08 106,496 ----a-w c:\windows\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.66__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll
+ 2008-12-08 21:38:09 69,632 ----a-w c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.66__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
+ 2008-12-08 21:38:08 77,824 ----a-w c:\windows\assembly\GAC\LEAD.Windows.Forms.hp\13.0.0.58__9cf889f53ea9b907\LEAD.Windows.Forms.hp.dll
+ 2008-12-08 21:38:09 36,864 ----a-w c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.66__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2008-12-08 21:38:09 430,080 ----a-w c:\windows\assembly\GAC\LEAD.Wrapper\13.0.0.66__9cf889f53ea9b907\LEAD.Wrapper.dll
+ 2008-12-08 21:38:09 81,920 ----a-w c:\windows\assembly\GAC\LEAD\13.0.0.66__9cf889f53ea9b907\LEAD.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-12-08 21:36:52 4,150 ----a-r c:\windows\Installer\{2E132061-C78A-48D4-A899-1D13B9D189FA}\HewlettPackard_0002ICON.exe
- 2008-10-15 07:13:42 167,936 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-12-10 21:12:30 167,936 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-10-15 07:13:42 2,560 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-12-10 21:12:30 2,560 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-10-15 07:13:42 81,920 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-12-10 21:12:30 81,920 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-10-15 07:13:41 34,304 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-12-10 21:12:30 34,304 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-10-15 07:13:42 8,192 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-12-10 21:12:30 8,192 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-10-15 07:13:42 3,584 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-12-10 21:12:30 3,584 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-10-15 07:13:42 114,688 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-12-10 21:12:30 114,688 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-10-15 07:13:41 16,384 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-12-10 21:12:30 16,384 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-10-15 07:13:42 30,720 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-12-10 21:12:30 30,720 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-10-15 07:13:42 22,528 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-12-10 21:12:30 22,528 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-10-15 07:13:41 45,056 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-12-10 21:12:30 45,056 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-10-15 07:13:41 90,112 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-12-10 21:12:29 90,112 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-06-24 07:01:33 135,168 ----a-r c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-10 21:08:41 135,168 ----a-r c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-13 08:29:49 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-10 21:14:58 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 08:29:51 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-10 21:14:58 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 08:29:51 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-10 21:14:58 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 08:29:52 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-10 21:14:58 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 08:29:52 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-10 21:14:58 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 08:29:50 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-10 21:14:58 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 08:29:50 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-10 21:14:58 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 08:29:51 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-10 21:14:58 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 08:29:52 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-10 21:14:58 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 08:29:50 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-10 21:14:58 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-04 08:08:33 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-10 21:15:24 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-04 08:08:37 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-10 21:15:25 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-04 08:08:34 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-10 21:15:24 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-04 08:08:35 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-10 21:15:24 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-04 08:08:36 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-10 21:15:25 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-04 08:08:37 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-10 21:15:25 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-04 08:08:38 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-10 21:15:25 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-04 08:08:35 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-10 21:15:24 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-04 08:08:35 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-10 21:15:24 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-04 08:08:36 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-10 21:15:25 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-04 08:08:37 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-10 21:15:25 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-04 08:08:34 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-10 21:15:24 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-08 03:55:48 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-12-08 03:55:48 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-12-08 21:43:11 40,960 ----a-r c:\windows\Installer\{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2004-09-18 19:14:06 40,960 ----a-r c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
+ 2008-12-08 21:41:25 40,960 ----a-r c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
- 2004-09-18 19:14:06 40,960 ----a-r c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
+ 2008-12-08 21:41:25 40,960 ----a-r c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
- 2008-08-26 07:24:28 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2008-08-26 07:24:28 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-08-26 07:24:30 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-08-26 07:24:31 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2001-09-06 02:00:58 1,700,352 ----a-w c:\windows\SYSTEM32\gdiplus.dll
+ 2003-07-25 16:15:20 212,992 ----a-w c:\windows\SYSTEM32\HPODStormEncoder.dll
+ 2003-01-31 17:59:46 118,784 ----a-r c:\windows\SYSTEM32\HPODXPAT.DLL
+ 2003-08-11 08:07:40 565,248 ----a-w c:\windows\SYSTEM32\hpotscl.dll
+ 2003-08-11 08:07:40 77,824 ----a-w c:\windows\SYSTEM32\hpovst08.dll
- 2003-08-11 08:07:38 65,795 ----a-w c:\windows\SYSTEM32\hpzipm12.exe
+ 2007-02-21 01:35:02 73,728 ----a-w c:\windows\SYSTEM32\hpzipm12.exe
+ 2003-07-22 14:12:34 49,152 ----a-r c:\windows\SYSTEM32\hpzjrd01.dll
+ 2003-07-22 14:12:36 94,208 ----a-r c:\windows\SYSTEM32\hpzjsn01.dll
+ 2003-08-11 08:07:34 204,866 ----a-w c:\windows\SYSTEM32\hpzsnt09.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\SYSTEM32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2002-01-05 09:48:16 974,848 ----a-w c:\windows\SYSTEM32\mfc70.dll
+ 2002-01-05 09:36:38 964,608 ----a-w c:\windows\SYSTEM32\mfc70u.dll
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2002-01-05 08:40:20 487,424 ----a-w c:\windows\SYSTEM32\msvcp70.dll
+ 2002-01-05 08:37:28 344,064 ----a-w c:\windows\SYSTEM32\msvcr70.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2003-08-11 08:07:40 140,982 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpof5509.dat
+ 2003-08-11 08:07:40 36,864 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpofax08.dll
+ 2003-08-11 08:07:42 140,928 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpop5509.dat
+ 2003-08-11 08:07:34 204,800 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpz2ku09.dll
+ 2003-08-11 08:07:32 245,760 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzcfg09.exe
+ 2003-08-11 08:07:34 208,896 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzcoi09.dll
+ 2003-08-11 08:07:32 270,336 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzcon09.dll
+ 2003-08-11 08:07:32 643,072 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzeng09.exe
+ 2003-08-11 08:07:32 81,920 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzflt09.dll
+ 2003-08-11 08:07:32 1,585,152 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzimc09.dll
+ 2003-08-11 08:07:34 221,184 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzime09.dll
+ 2007-02-21 01:35:02 73,728 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZIPM12.EXE
+ 2003-08-11 08:07:34 200,704 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzjui09.dll
+ 2003-08-11 08:07:34 147,512 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzlnt09.dll
+ 2003-08-11 08:07:34 479,232 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzpm309.dll
+ 2003-08-11 08:07:34 335,872 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzpre09.exe
+ 2003-08-11 08:07:42 9,707,520 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzr3209.dll
+ 2003-08-11 08:07:34 49,152 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzrer09.dll
+ 2003-08-11 08:07:34 380,928 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzres09.dll
+ 2003-08-11 08:07:42 319,488 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzrm309.dll
+ 2003-08-11 08:07:34 692,224 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzslk09.dll

Edited by CorporateKD, 10 December 2008 - 07:01 PM.

#33
CorporateKD

    Member

  • Topic Starter
  • 33 posts
Andrewuk:

Here is Part 2 of my ComboFix log.

+ 2003-08-11 08:07:34 204,866 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzsnt09.dll
+ 2003-08-11 08:07:34 376,832 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzstc09.exe
+ 2003-08-11 08:07:34 172,032 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzstw09.exe
+ 2003-08-11 08:07:34 73,728 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztbi09.dll
+ 2003-08-11 08:07:34 188,416 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztbu09.exe
+ 2003-08-11 08:07:34 442,368 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztbx09.exe
+ 2003-08-11 08:07:34 163,891 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpzvip09.dll
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\SYSTEM32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\SYSTEM32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\SYSTEM32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\WMVCore.dll
+ 2008-12-10 21:19:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_178.dat
+ 2008-12-10 21:18:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2008-12-08 21:36:26 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSIFile]
@="{FE2E26BF-1833-43B6-920F-23EA82E9BD51}"
[HKEY_CLASSES_ROOT\CLSID\{FE2E26BF-1833-43B6-920F-23EA82E9BD51}]
2005-05-02 13:30 1448448 --a------ c:\progra~1\THESIM~1\TSRWIZ~1\SHELLI~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Continue Setup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Continue Setup.lnk
backup=c:\windows\pss\Continue Setup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\updater.lnk
backup=c:\windows\pss\updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Keisha Davis^Start Menu^Programs^Startup^Connection Manager.lnk]
path=c:\documents and settings\Keisha Davis\Start Menu\Programs\Startup\Connection Manager.lnk
backup=c:\windows\pss\Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AStart]
c:\windows\AStart [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 21:26 368706 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 19:22 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
--a------ 2004-05-27 20:05 323584 c:\program files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 06:25 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 13:16 49152 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
--a------ 2001-08-01 11:30 94208 c:\program files\QUICKENW\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToAssist"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NMSSvc"=3 (0x3)
"MSSQL$MSSMLBIZ"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Keisha Davis\\My Documents\\IEXPLORE.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-07 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-07 20560]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2006-06-26 34712]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2006-09-12 109008]
S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-03-09 24652]
.
Contents of the 'Scheduled Tasks' folder

2004-02-18 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1077087270.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]

2004-09-19 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1095535072.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]

2008-12-08 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1228772637.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\PrintControl.dll - O16 -: {19529B56-E206-4F0B-B44E-97B5F4861E6A}
hxxps://clinicalreports.almacgroup.com/crystalreportviewers115/ActiveXControls/PrintControl.cab
c:\windows\Downloaded Program Files\PrintControl.inf

O16 -: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.sra.com/SNX/CSHELL/extender.cab
c:\windows\Downloaded Program Files\msi.inf

c:\windows\System32\sqlite.def - c:\windows\System32\sqlite.dll
c:\windows\System32\Unzip32.dll
c:\windows\wizarduninstall.exe
c:\windows\Downloaded Program Files\TSRInstallationWizard.ocx
c:\program files\Ibibi AB\TSR Installation Wizard\wizarduninstall.exe
c:\program files\Ibibi AB\TSR Installation Wizard\Unzip32.dll
O16 -: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F}
hxxp://www.thesimsresource.com/TSRInstallationWizard.cab
c:\windows\Downloaded Program Files\TSRInstallationWizard.inf

c:\windows\SYSTEM32\msvcrt.dll - c:\windows\SYSTEM32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC}
hxxp://www.thesecret.tv/movie/player/player_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf
FireFox -: Profile - c:\documents and settings\Keisha Davis\Application Data\Mozilla\Firefox\Profiles\gcavcvdb.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 17:41:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-10 17:43:58
ComboFix-quarantined-files.txt 2008-12-10 22:42:36
ComboFix2.txt 2008-12-08 17:34:08
ComboFix3.txt 2008-12-08 01:04:47
ComboFix4.txt 2008-11-26 20:56:04
ComboFix5.txt 2008-12-10 22:31:27

Pre-Run: 2,110,242,816 bytes free
Post-Run: 2,204,405,760 bytes free

772 --- E O F --- 2008-12-10 21:15:36

#34
CorporateKD

    Member

  • Topic Starter
  • 33 posts
Andrewuk:

Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:46 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} (Crystal Reports Print Control 11.5) - https://clinicalrepo...rintControl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://vpn.sra.com/...LL/extender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F} (TSRFileManagerXControl Control) - http://www.thesimsre...ationWizard.cab
O16 - DPF: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC} (VPlayer Control) - http://www.thesecret...player_ocx.jpeg
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6593 bytes

#35
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
looking better.

i just want to make one more check.

but firstly, in the last post i wanted to delete the following files:
"C:\Documents and Settings\Keisha Davis\My Documents\ .htm"
C:\updaterInstall_102.exe
C:\WINDOWS\gsi.exe
C:\WINDOWS\SYSTEM32\MyExplore.exe
C:\WINDOWS\SYSTEM32\WinExplore.exe


can you confirm that those files are gone please. if not, run the last combofix script again and check to see that they are gone.


and then:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

andrewuk

Edited by andrewuk, 10 December 2008 - 07:37 PM.


#36
CorporateKD

    Member

  • Topic Starter
  • 33 posts
Andrewuk:

Sorry about the files! I think in my haste I must have forgotten to drag the actual file onto the ComboFix icon before running. I made sure that it was done this time though. Here is the ComboFix log:

ComboFix 08-12-09.03 - Keisha Davis 2008-12-10 23:26:34.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.578 [GMT -5:00]
Running from: c:\documents and settings\Keisha Davis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Keisha Davis\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\documents and settings\Keisha Davis\My Documents\ .htm"
.

((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-08 18:24 . 2008-12-08 18:24 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2008-12-08 18:23 . 2008-12-08 18:23 208 --a------ c:\windows\HpBestModeUpdatePatchLog.ini
2008-12-08 16:36 . 2008-12-08 16:36 <DIR> d-------- c:\program files\Common Files\HP
2008-12-08 16:35 . 2004-10-07 20:16 35,840 --a------ c:\windows\SYSTEM32\DRIVERS\AFS2K.SYS
2008-12-08 16:25 . 2003-08-11 03:07 34,468 --------- c:\windows\hpomdl03.dat
2008-12-08 16:25 . 2008-12-08 17:36 28,947 --a------ c:\windows\hpoins03.dat
2008-12-08 14:46 . 2008-12-08 14:46 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-12-08 14:46 . 2008-12-08 14:46 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 14:01 . 2008-12-08 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2008-12-08 14:00 . 2008-12-08 14:00 61,224 --a------ c:\documents and settings\Keisha Davis\GoToAssistDownloadHelper.exe
2008-12-07 23:35 . 2008-12-07 23:35 <DIR> d-------- c:\program files\Alwil Software
2008-12-07 22:56 . 2008-12-07 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 22:55 . 2008-12-08 01:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-07 22:55 . 2008-12-07 22:55 <DIR> d-------- c:\documents and settings\Keisha Davis\Application Data\SUPERAntiSpyware.com
2008-12-07 22:54 . 2008-12-07 22:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-07 22:44 . 2003-08-11 03:07 278,528 --a------ c:\windows\SYSTEM32\hpdj
2008-12-07 18:05 . 2008-04-13 19:12 69,120 --------- c:\windows\SYSTEM32\wlanapi.dll
2008-12-07 18:04 . 2008-04-13 19:12 291,328 --------- c:\windows\SYSTEM32\qagentrt.dll
2008-12-07 18:04 . 2008-04-13 19:12 290,304 --------- c:\windows\SYSTEM32\rhttpaa.dll
2008-12-07 18:04 . 2008-04-13 19:12 150,528 --------- c:\windows\SYSTEM32\qagent.dll
2008-12-07 18:04 . 2008-04-13 19:12 144,384 --------- c:\windows\SYSTEM32\onex.dll
2008-12-07 18:04 . 2008-04-13 19:12 76,800 --------- c:\windows\SYSTEM32\qutil.dll
2008-12-07 18:04 . 2008-04-13 19:12 62,464 --------- c:\windows\SYSTEM32\qcliprov.dll
2008-12-07 18:04 . 2008-04-13 19:12 61,952 --------- c:\windows\SYSTEM32\rasqec.dll
2008-12-07 18:04 . 2008-04-13 19:12 53,248 --------- c:\windows\SYSTEM32\tsgqec.dll
2008-12-07 18:04 . 2008-04-13 19:12 50,688 --------- c:\windows\SYSTEM32\tspkg.dll
2008-12-07 18:04 . 2008-04-13 19:12 32,768 --------- c:\windows\SYSTEM32\setupn.exe
2008-12-07 18:04 . 2008-04-13 13:40 10,240 --------- c:\windows\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-12-07 18:02 . 2008-04-13 19:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2008-12-07 18:02 . 2008-04-13 19:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2008-12-07 18:02 . 2008-04-13 19:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll
2008-12-07 16:56 . 2008-12-07 16:56 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2008-12-07 16:55 . 2008-12-07 16:55 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-07 16:54 . 2008-12-07 16:55 <DIR> d-------- C:\5325c27c11806dc08f3bab9c
2008-12-07 16:54 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll
2008-12-07 16:54 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll
2008-12-07 16:54 . 2008-07-06 05:50 597,504 --------- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe
2008-12-07 16:54 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll
2008-12-07 16:54 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll
2008-12-07 16:54 . 2008-07-06 07:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll
2008-12-07 16:54 . 2008-07-06 07:06 89,088 --------- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll
2008-12-07 16:53 . 2008-12-07 19:01 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-04 09:00 . 2008-12-04 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-04 08:31 . 2008-12-04 08:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-02 21:08 . 2008-11-10 03:39 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-02 20:24 . 2006-10-26 19:56 32,592 --a------ c:\windows\SYSTEM32\msonpmon.dll
2008-12-02 20:22 . 2008-12-07 16:55 <DIR> d-------- c:\program files\MSBuild
2008-12-02 20:17 . 2008-12-02 20:17 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-27 09:13 . 2008-11-27 09:14 <DIR> d-------- c:\documents and settings\Keisha Davis\.SunDownloadManager
2008-11-27 08:48 . 2008-11-27 08:48 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-27 08:42 . 2008-11-27 09:24 <DIR> d-------- c:\program files\NOS
2008-11-27 08:42 . 2008-11-27 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-26 16:16 . 2008-11-10 05:43 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-25 15:23 . 2008-11-25 15:23 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 01:17 . 2008-12-07 19:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\documents and settings\Keisha Davis\Application Data\Malwarebytes
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 01:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-25 01:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-12 22:14 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 23:27 --------- d-----w c:\program files\Overland
2008-12-08 19:00 --------- d-----w c:\program files\Citrix
2008-12-08 13:49 --------- d-----w c:\program files\Common Files\tsa
2008-12-08 13:43 --------- d-----w c:\program files\altpayV2
2008-12-08 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\Mail Mp3 Flaw 64
2008-12-08 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-12-08 04:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 04:17 --------- d-----w c:\program files\EPSON
2008-12-08 00:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-08 00:31 --------- d-----w c:\program files\Java
2008-12-08 00:23 5,896 ----a-w c:\windows\SYSTEM32\PerfStringBackup.TMP
2008-12-08 00:17 --------- d-----w c:\program files\Yahoo!
2008-12-07 00:37 --------- d-----w c:\program files\CheckPoint
2008-12-07 00:35 --------- d-----w c:\program files\BitZipper
2008-12-07 00:34 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\BitZipper
2008-11-27 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-30 03:30 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-17 07:08 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 14:04 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\webex
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-10-14 11:45 --------- d-----w c:\program files\HP
2008-10-13 20:13 --------- d-----w c:\program files\iTunes
2008-10-13 20:13 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-13 20:12 --------- d-----w c:\program files\iPod
2008-10-12 00:23 --------- d--h--w c:\documents and settings\Keisha Davis\Application Data\GTek
2008-10-12 00:23 --------- d--h--w c:\documents and settings\Guest\Application Data\Gtek
2008-10-12 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2008-10-12 00:19 --------- d-----w c:\program files\Dell Support Center
2008-10-12 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-10-11 23:20 --------- d-----w c:\program files\FreeFixer
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-02-06 05:38 54,752 ----a-w c:\documents and settings\Keisha Davis\Application Data\GDIPFONTCACHEV1.DAT
2006-11-27 00:10 46,760 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-05-31 00:15 1,917 ----a-w c:\program files\Installed Items.lnk
2004-08-30 15:28 39 ----a-w c:\documents and settings\Keisha Davis\Application Data\tvmcwrd.dll
2003-10-10 06:01 1,842,680 ---ha-w c:\documents and settings\Keisha Davis\kyf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSIFile]
@="{FE2E26BF-1833-43B6-920F-23EA82E9BD51}"
[HKEY_CLASSES_ROOT\CLSID\{FE2E26BF-1833-43B6-920F-23EA82E9BD51}]
2005-05-02 13:30 1448448 --a------ c:\progra~1\THESIM~1\TSRWIZ~1\SHELLI~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Continue Setup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Continue Setup.lnk
backup=c:\windows\pss\Continue Setup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\updater.lnk
backup=c:\windows\pss\updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Keisha Davis^Start Menu^Programs^Startup^Connection Manager.lnk]
path=c:\documents and settings\Keisha Davis\Start Menu\Programs\Startup\Connection Manager.lnk
backup=c:\windows\pss\Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AStart]
c:\windows\AStart [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 21:26 368706 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 19:22 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
--a------ 2004-05-27 20:05 323584 c:\program files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 06:25 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 13:16 49152 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
--a------ 2001-08-01 11:30 94208 c:\program files\QUICKENW\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToAssist"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NMSSvc"=3 (0x3)
"MSSQL$MSSMLBIZ"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Keisha Davis\\My Documents\\IEXPLORE.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-07 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-07 20560]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2006-06-26 34712]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2006-09-12 109008]
S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-03-09 24652]
.
Contents of the 'Scheduled Tasks' folder

2004-02-18 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1077087270.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]

2004-09-19 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1095535072.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]

2008-12-08 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1228772637.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\PrintControl.dll - O16 -: {19529B56-E206-4F0B-B44E-97B5F4861E6A}
hxxps://clinicalreports.almacgroup.com/crystalreportviewers115/ActiveXControls/PrintControl.cab
c:\windows\Downloaded Program Files\PrintControl.inf

O16 -: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.sra.com/SNX/CSHELL/extender.cab
c:\windows\Downloaded Program Files\msi.inf

c:\windows\System32\sqlite.def - c:\windows\System32\sqlite.dll
c:\windows\System32\Unzip32.dll
c:\windows\wizarduninstall.exe
c:\windows\Downloaded Program Files\TSRInstallationWizard.ocx
c:\program files\Ibibi AB\TSR Installation Wizard\wizarduninstall.exe
c:\program files\Ibibi AB\TSR Installation Wizard\Unzip32.dll
O16 -: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F}
hxxp://www.thesimsresource.com/TSRInstallationWizard.cab
c:\windows\Downloaded Program Files\TSRInstallationWizard.inf

c:\windows\SYSTEM32\msvcrt.dll - c:\windows\SYSTEM32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC}
hxxp://www.thesecret.tv/movie/player/player_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf
FireFox -: Profile - c:\documents and settings\Keisha Davis\Application Data\Mozilla\Firefox\Profiles\gcavcvdb.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 23:30:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-10 23:32:52
ComboFix-quarantined-files.txt 2008-12-11 04:31:35
ComboFix2.txt 2008-12-10 22:44:00
ComboFix3.txt 2008-12-08 17:34:08
ComboFix4.txt 2008-12-08 01:04:47
ComboFix5.txt 2008-12-11 04:25:42

Pre-Run: 2,175,942,656 bytes free
Post-Run: 2,157,383,680 bytes free

347 --- E O F --- 2008-12-10 21:15:36

#37
CorporateKD


    Member

  • Topic Starter
  • Member
  • 33 posts
Andrewuk:

Here is the Lop S&D log:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.40GHz )
BIOS : Default System BIOS
USER : Keisha Davis ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081210-0] 4.8.1296 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:2 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Wed 12/10/2008|23:43 )

--------------------\\ Listing folders in APPLIC~1

[02/13/2003|02:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[09/09/2004|01:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[10/13/2008|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/27/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/25/2006|06:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[03/09/2008|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[03/09/2008|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/14/2006|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[04/07/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[08/03/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/13/2003|03:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[12/08/2008|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Citrix
[10/26/2003|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DelFin
[03/30/2008|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[10/11/2008|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[12/04/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[05/31/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[12/07/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mail Mp3 Flaw 64
[11/25/2008|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[12/04/2008|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[12/07/2008|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[12/02/2008|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/10/2008|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[02/18/2003|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[12/02/2006|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NETg
[11/27/2008|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[07/06/2007|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[03/12/2004|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Media
[07/02/2008|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[05/11/2004|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[02/13/2003|03:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[02/13/2003|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[11/08/2003|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[12/07/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/11/2008|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[12/07/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/25/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[02/10/2005|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> UDL
[03/09/2008|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[05/10/2006|02:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[02/02/2007|06:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[02/13/2003|02:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[02/13/2003|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[05/17/2008|08:23] C:\DOCUME~1\Guest\APPLIC~1\<DIR> acccore
[02/20/2008|03:13] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Adobe
[08/18/2008|08:33] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Apple Computer
[10/11/2008|07:23] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Gtek
[02/13/2003|02:57] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[05/21/2008|02:36] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
[05/17/2008|10:51] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[05/17/2008|08:23] C:\DOCUME~1\Guest\APPLIC~1\<DIR> QQ Games Plugin
[08/18/2008|08:33] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Skinux
[02/10/2008|02:58] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Sun
[05/17/2008|02:51] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Viewpoint
[05/17/2008|07:58] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Windows Desktop Search
[04/12/2006|09:57] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Yahoo!

[06/21/2006|06:17] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> acccore
[11/27/2008|08:29] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Adobe
[02/01/2007|07:30] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> AdobeUM
[10/29/2008|10:30] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Apple Computer
[12/06/2008|07:34] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> BitZipper
[03/01/2004|05:22] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> COREL
[09/19/2003|06:11] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> CyberLink
[10/28/2005|11:39] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> DownloadManager
[06/13/2008|05:51] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Flickr
[11/20/2004|10:37] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> funkitron
[09/28/2008|03:37] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> GamesCafe
[10/11/2008|07:23] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> GTek
[02/20/2003|07:04] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Help
[08/13/2006|03:54] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> ICAClient
[02/13/2003|02:57] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Identities
[05/24/2007|10:42] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> IMVU
[01/25/2004|07:42] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Kontiki
[02/10/2005|06:42] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Leadertech
[06/14/2004|12:30] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Lycos
[11/27/2008|08:29] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Macromedia
[11/25/2008|01:17] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Malwarebytes
[10/11/2008|07:08] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Microsoft
[04/07/2008|08:18] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Mozilla
[02/18/2003|10:32] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> MSN6
[06/15/2005|06:57] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Musicmatch
[11/04/2003|09:20] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> POP!
[03/09/2008|01:09] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> QQ Games Plugin
[12/06/2003|10:36] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Roxio
[05/31/2008|11:56] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Skinux
[05/31/2006|05:26] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> SmartDraw
[05/14/2007|06:28] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Sun
[12/07/2008|10:55] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/07/2008|08:18] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Talkback
[06/07/2007|05:35] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Viewpoint
[10/16/2008|09:04] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> webex
[05/14/2008|08:25] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Windows Desktop Search
[01/29/2008|01:45] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> WinRAR
[12/26/2004|01:40] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Yahoo!
[08/15/2005|06:24] C:\DOCUME~1\KEISHA~1\APPLIC~1\<DIR> Yahoo! Messenger

[07/01/2006|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[09/28/2008|03:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/11/2008|04:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[10/11/2008|02:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[05/14/2008|08:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/08/2008 06:33 PM][--a------] C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1228772637.job
[09/19/2004 12:36 PM][--a------] C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1095535072.job
[02/18/2004 02:07 AM][--a------] C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1077087270.job
[10/11/2008 04:27 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 06:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[02/14/2005|09:52] C:\Program Files\<DIR> 4Musics OGG to MP3 Converter
[11/27/2008|08:49] C:\Program Files\<DIR> Adobe
[06/08/2005|08:10] C:\Program Files\<DIR> Ahead
[03/09/2008|01:09] C:\Program Files\<DIR> AIM6
[08/17/2008|11:57] C:\Program Files\<DIR> AIMTunes
[12/08/2008|08:43] C:\Program Files\<DIR> altpayV2
[12/07/2008|11:35] C:\Program Files\<DIR> Alwil Software
[10/10/2007|02:19] C:\Program Files\<DIR> Analog Devices
[12/26/2004|09:41] C:\Program Files\<DIR> Anti-Leech
[12/16/2006|09:43] C:\Program Files\<DIR> AOD
[09/27/2008|04:22] C:\Program Files\<DIR> Apple Software Update
[07/20/2004|05:28] C:\Program Files\<DIR> AWS
[08/21/2004|08:26] C:\Program Files\<DIR> Bazooka Scanner
[12/06/2008|07:35] C:\Program Files\<DIR> BitZipper
[09/27/2008|04:29] C:\Program Files\<DIR> Bonjour
[09/18/2005|08:57] C:\Program Files\<DIR> Britannica
[09/18/2005|08:57] C:\Program Files\<DIR> BroadJump
[06/13/2007|08:16] C:\Program Files\<DIR> Business Objects
[12/06/2008|07:37] C:\Program Files\<DIR> CheckPoint
[12/08/2008|02:00] C:\Program Files\<DIR> Citrix
[02/13/2003|03:23] C:\Program Files\<DIR> Classic PhoneTools
[12/10/2008|11:29] C:\Program Files\<DIR> Common Files
[02/13/2003|03:23] C:\Program Files\<DIR> CyberLink
[11/05/2003|12:55] C:\Program Files\<DIR> Dell
[02/13/2003|03:27] C:\Program Files\<DIR> Dell Computer
[02/13/2003|03:23] C:\Program Files\<DIR> Dell Modem-On-Hold
[10/06/2006|09:03] C:\Program Files\<DIR> Dell Support
[10/11/2008|07:19] C:\Program Files\<DIR> Dell Support Center
[02/13/2003|03:23] C:\Program Files\<DIR> Digital Line Detect
[02/05/2008|09:03] C:\Program Files\<DIR> EA GAMES
[03/23/2003|06:11] C:\Program Files\<DIR> Easy CD Creator 5
[12/07/2008|11:17] C:\Program Files\<DIR> EPSON
[06/13/2008|05:51] C:\Program Files\<DIR> Flickr Uploadr
[10/11/2008|06:20] C:\Program Files\<DIR> FreeFixer
[06/27/2005|10:30] C:\Program Files\<DIR> GoldPocket
[12/06/2003|12:42] C:\Program Files\<DIR> HighMAT CD Writing Wizard
[11/05/2005|04:43] C:\Program Files\<DIR> Hijack This
[10/14/2008|06:45] C:\Program Files\<DIR> HP
[12/26/2007|06:17] C:\Program Files\<DIR> Ibibi AB
[09/18/2005|09:01] C:\Program Files\<DIR> iLumina
[12/07/2008|11:17] C:\Program Files\<DIR> InstallShield Installation Information
[02/13/2003|03:21] C:\Program Files\<DIR> intel
[12/10/2008|04:12] C:\Program Files\<DIR> Internet Explorer
[10/13/2008|03:12] C:\Program Files\<DIR> iPod
[10/13/2008|03:13] C:\Program Files\<DIR> iTunes
[02/13/2003|03:24] C:\Program Files\<DIR> Jasc Software Inc
[12/07/2008|07:31] C:\Program Files\<DIR> Java
[05/31/2008|11:39] C:\Program Files\<DIR> Kodak
[12/07/2008|07:21] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[05/29/2003|12:07] C:\Program Files\<DIR> McAfee.com
[12/07/2008|06:54] C:\Program Files\<DIR> Messenger
[02/24/2003|12:31] C:\Program Files\<DIR> Microsoft ActiveSync
[05/15/2008|02:04] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[02/20/2003|07:00] C:\Program Files\<DIR> microsoft frontpage
[05/14/2008|08:55] C:\Program Files\<DIR> Microsoft Office
[02/23/2003|07:35] C:\Program Files\<DIR> Microsoft Office XP
[05/14/2008|09:01] C:\Program Files\<DIR> Microsoft Small Business
[07/09/2008|02:07] C:\Program Files\<DIR> Microsoft SQL Server
[02/24/2003|12:30] C:\Program Files\<DIR> Microsoft Visual Studio
[12/02/2008|08:17] C:\Program Files\<DIR> Microsoft Visual Studio 8
[05/14/2008|06:50] C:\Program Files\<DIR> Microsoft Works
[05/14/2008|08:50] C:\Program Files\<DIR> Microsoft.NET
[02/13/2003|03:23] C:\Program Files\<DIR> Modem Helper
[12/07/2008|06:42] C:\Program Files\<DIR> Movie Maker
[10/10/2008|10:38] C:\Program Files\<DIR> Mozilla Firefox
[12/07/2008|04:55] C:\Program Files\<DIR> MSBuild
[12/08/2008|02:46] C:\Program Files\<DIR> MSECACHE
[12/06/2008|07:54] C:\Program Files\<DIR> msn
[02/13/2003|02:57] C:\Program Files\<DIR> MSN Gaming Zone
[12/17/2006|03:05] C:\Program Files\<DIR> MSXML 4.0
[05/15/2008|02:03] C:\Program Files\<DIR> MSXML 6.0
[05/26/2007|11:11] C:\Program Files\<DIR> MTV Networks
[05/26/2007|11:10] C:\Program Files\<DIR> MTV Networks(2)
[06/15/2005|06:57] C:\Program Files\<DIR> MUSICMATCH
[07/24/2007|11:13] C:\Program Files\<DIR> NETGEAR
[12/07/2008|06:34] C:\Program Files\<DIR> NetMeeting
[11/27/2008|09:24] C:\Program Files\<DIR> NOS
[12/30/2007|02:11] C:\Program Files\<DIR> NVIDIA Corporation
[10/22/2004|05:21] C:\Program Files\<DIR> OfficeUpdate11
[02/04/2004|11:08] C:\Program Files\<DIR> Online Services
[12/07/2008|06:34] C:\Program Files\<DIR> Outlook Express
[12/08/2008|06:27] C:\Program Files\<DIR> Overland
[07/02/2006|12:09] C:\Program Files\<DIR> QUICKENW
[09/27/2008|04:27] C:\Program Files\<DIR> QuickTime
[12/07/2008|04:55] C:\Program Files\<DIR> Reference Assemblies
[01/02/2007|10:00] C:\Program Files\<DIR> Sierra On-Line
[12/30/2007|01:02] C:\Program Files\<DIR> SimPE
[11/07/2007|10:18] C:\Program Files\<DIR> Sims2 Content Manager
[12/29/2007|07:11] C:\Program Files\<DIR> Sims2Pack Clean Installer
[11/04/2003|11:16] C:\Program Files\<DIR> SpyBot
[12/08/2008|01:52] C:\Program Files\<DIR> SUPERAntiSpyware
[10/10/2007|01:42] C:\Program Files\<DIR> SystemRequirementsLab
[03/09/2008|01:09] C:\Program Files\<DIR> Tencent
[05/30/2005|06:46] C:\Program Files\<DIR> TheSimsResource
[11/25/2008|03:23] C:\Program Files\<DIR> Trend Micro
[11/20/2004|10:36] C:\Program Files\<DIR> TryMedia
[07/02/2004|08:50] C:\Program Files\<DIR> Uninstall Information
[03/09/2008|01:08] C:\Program Files\<DIR> Viewpoint
[09/07/2004|03:21] C:\Program Files\<DIR> WexTech
[05/14/2008|08:23] C:\Program Files\<DIR> Windows Desktop Search
[12/08/2008|02:46] C:\Program Files\<DIR> Windows Installer Clean Up
[09/27/2008|04:54] C:\Program Files\<DIR> Windows Media Connect 2
[12/07/2008|06:34] C:\Program Files\<DIR> Windows Media Player
[12/07/2008|06:34] C:\Program Files\<DIR> Windows NT
[08/13/2004|04:28] C:\Program Files\<DIR> WindowsUpdate
[09/08/2005|05:20] C:\Program Files\<DIR> Windrv
[01/29/2008|01:45] C:\Program Files\<DIR> WinRAR
[01/24/2004|04:14] C:\Program Files\<DIR> WinZip
[01/02/2007|10:00] C:\Program Files\<DIR> WON
[02/13/2003|02:57] C:\Program Files\<DIR> XEROX
[09/15/2005|06:11] C:\Program Files\<DIR> xpdrv32
[12/07/2008|07:17] C:\Program Files\<DIR> Yahoo!
[10/06/2008|09:46] C:\Program Files\<DIR> Yahoo! Games
[07/05/2007|07:19] C:\Program Files\<DIR> Yellow Pages
[09/22/2008|05:15] C:\Program Files\<DIR> Your Company

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/14/2005|10:04] C:\Program Files\Common Files\<DIR> Adaptec Shared
[11/27/2008|08:46] C:\Program Files\Common Files\<DIR> Adobe
[11/27/2008|08:48] C:\Program Files\Common Files\<DIR> Adobe AIR
[06/06/2006|06:12] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[02/04/2007|08:23] C:\Program Files\Common Files\<DIR> AOL
[09/27/2008|04:26] C:\Program Files\Common Files\<DIR> Apple
[02/13/2003|03:21] C:\Program Files\Common Files\<DIR> Dell
[02/24/2003|12:30] C:\Program Files\Common Files\<DIR> Designer
[06/08/2005|08:39] C:\Program Files\Common Files\<DIR> EasyInfo
[03/23/2003|06:06] C:\Program Files\Common Files\<DIR> efax
[02/18/2004|01:44] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[12/08/2008|04:36] C:\Program Files\Common Files\<DIR> HP
[12/26/2004|07:07] C:\Program Files\Common Files\<DIR> InstallShield
[05/14/2007|06:27] C:\Program Files\Common Files\<DIR> Java
[05/31/2008|11:38] C:\Program Files\Common Files\<DIR> Kodak
[02/24/2003|12:29] C:\Program Files\Common Files\<DIR> L&H
[09/07/2004|03:21] C:\Program Files\Common Files\<DIR> LHSPF
[12/02/2008|08:22] C:\Program Files\Common Files\<DIR> Microsoft Shared
[02/13/2003|02:57] C:\Program Files\Common Files\<DIR> MSSoap
[06/21/2006|06:15] C:\Program Files\Common Files\<DIR> Nullsoft
[02/13/2003|02:57] C:\Program Files\Common Files\<DIR> ODBC
[06/26/2006|07:58] C:\Program Files\Common Files\<DIR> Palo Alto Software Inc
[06/08/2005|08:13] C:\Program Files\Common Files\<DIR> Real
[02/13/2003|02:57] C:\Program Files\Common Files\<DIR> Services
[02/13/2003|02:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/23/2003|06:26] C:\Program Files\Common Files\<DIR> SWF Studio
[12/07/2008|06:34] C:\Program Files\Common Files\<DIR> System
[12/08/2008|08:49] C:\Program Files\Common Files\<DIR> tsa
[09/07/2004|03:21] C:\Program Files\Common Files\<DIR> WexTech Shared
[12/07/2008|10:54] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 25 Processes )

iexplore.exe ~ [PID:636]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 23:44:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:69][D:0]-> C:\DOCUME~1\KEISHA~1\Cookies
[F:132][D:4]-> C:\DOCUME~1\EISHA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 12/10/2008|23:46 - Option : [1]

--------------------\\ Scan completed at 23:46:13

#38
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
your logs are looking much better now. how is your machine running?

also, could you manually check to see if these files now exist?
"C:\Documents and Settings\Keisha Davis\My Documents\ .htm"
C:\updaterInstall_102.exe
C:\WINDOWS\gsi.exe
C:\WINDOWS\SYSTEM32\MyExplore.exe
C:\WINDOWS\SYSTEM32\WinExplore.exe


if they are there, let me know and we will remove them another way.

andrewuk

#39
CorporateKD


    Member

  • Topic Starter
  • Member
  • 33 posts
Andrewuk:

Those files are all gone! :)

My machine runs pretty fast after it starts up but the start-up process is pretty slow. A lot slower than it once was. But I am glad that the viruses are gone at least!

Is there anything that I can do to get some speed back?

KD

#40
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hello CorporateKD

congratulations, your logs are clean and another fix is in the can :)

My machine runs pretty fast after it starts up but the start-up process is pretty slow. A lot slower than it once was.

it will be slower, it looks like your machine has been doing a lot of updating as we cleared the malware. and loading up avast at the start will slow things a little. however, below i have included a link on how to speed your machine up. on that page there are various very useful things you can do including running a program called RubberDucky's StartUpLite (link on the page) which will allow you to disable various unnecessary programs on startup.

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix, the tools used in the removal of malware and to flush your system restore points
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
you can remove malwarebytes via the add/remove programs in your control panel. also, if the Avenger program is still on your desktop, then delete it as well.


====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

best wishes

andrewuk
#41
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.