Win32/Zbot.G - Geeks to Go Forums


Win32/Zbot.G Help This is taking over my laptop

#16 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 20 March 2011 - 02:09 AM

Hey,

Let's try something bigger:

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to delete:
C:\Program Files\kqjugoya\swxhqriq.exe

Folders to delete:
C:\Program Files\kqjugoya



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.

#17 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 20 March 2011 - 04:21 AM

Hi,

I did as requested and the laptop now freezes when it boots up! I get the Windows screen, then it just goes to a black screen and I get nothing else???

My only option will be to do a clean install of XP now.

Thanks for your help anyway.

O

#18 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 20 March 2011 - 05:12 AM

Hey,

We can try to solve this.

Please try to boot in safe mode, and if it doesn't work, try to boot in safe mode with command prompt and tell me if you can.

If you can't, try this:

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2


    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror


    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror


  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image


  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:

    Posted Image


  • Please also decompress eeepcfr to your systemroot (usually C:\).

  • Empty the flash drive you want to install OTLPE on.

  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.

  • Press any key when asked to in the black window that opens.

  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image



  • Click on Start, accept the disclaimers and wait for the program to finish.

Your bootable flash drive should now be ready!


  • Reboot your system using the boot USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • As the USB needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D


  • Your system should now display a Reatogo desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save". Drag it in Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#19 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 21 March 2011 - 01:31 PM

Hi, managed to get my laptop to boot again. I've also located the Avenger log that was created, so I've pasted it into this reply along with a fresh OTL scan.
Thanks again, OB

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Program Files\kqjugoya\swxhqriq.exe" deleted successfully.
Folder "C:\Program Files\kqjugoya" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OTL logfile created on: 21/03/2011 19:24:12 - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sarah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.00 Mb Total Physical Memory | 297.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 17.88 Gb Free Space | 47.99% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 7.18 Gb Free Space | 96.16% Space Free | Partition Type: FAT32

Computer Name: SARAHSLAPTOP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Sarah\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sarah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (EKBfltr) -- C:\WINDOWS\system32\drivers\EKBfltr.sys (EnE Technology Inc.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Ca536av) Icatch(VII) -- C:\WINDOWS\system32\drivers\Ca536av.sys (Digital Camera)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (USBCamera) Icatch(VII) -- C:\WINDOWS\system32\drivers\Bulk536.sys (USB BULK)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/17 17:50:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\kqjugoya\swxhqriq.exe) - C:\Program Files\kqjugoya\swxhqriq.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 17:49:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 22:44:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 12:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/03/21 19:24:42 | 000,000,003 | RHS- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 19:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\kqjugoya
[2011/03/20 10:06:00 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/03/19 18:40:26 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/03/19 10:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/03/19 09:57:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/18 20:45:57 | 000,819,055 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sarah\Desktop\OTS.exe
[2011/03/17 19:48:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sarah\UserData
[2011/03/17 19:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\avz4
[2011/03/17 18:35:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/17 17:49:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/16 18:56:14 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sarah\Desktop\TDSSKiller.exe
[2011/03/15 22:44:02 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/03/15 22:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/15 22:11:27 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sarah\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/15 21:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Local Settings\Application Data\VS Revo Group
[2011/03/15 20:20:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/15 20:19:21 | 000,754,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sarah\Desktop\OTL.exe
[2011/03/10 19:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/09 22:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/09 22:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/03/09 21:59:08 | 000,568,656 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Sarah\My Documents\GoogleEarthSetup.exe
[2011/03/02 21:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sarah\Recent
[2011/03/02 21:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/03/02 20:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/02 20:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/02 19:48:36 | 000,000,000 | ---D | C] -- C:\rei
[2011/03/02 19:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/03/02 19:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/02 19:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/03/21 19:24:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006UA.job
[2011/03/21 19:20:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2011/03/21 19:19:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 19:19:12 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/21 19:19:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
[2011/03/21 19:19:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/21 19:18:51 | 736,276,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/20 10:03:20 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\avenger.zip
[2011/03/19 22:07:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/19 21:24:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006Core.job
[2011/03/19 18:14:24 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/18 20:46:05 | 000,819,055 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sarah\Desktop\OTS.exe
[2011/03/18 20:37:29 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Google Chrome.lnk
[2011/03/18 20:37:29 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/17 18:37:10 | 000,170,397 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\OTLmgr.exe
[2011/03/17 17:50:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/15 22:11:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sarah\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/15 21:42:57 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/03/15 20:16:12 | 004,287,930 | R--- | M] () -- C:\Documents and Settings\Sarah\Desktop\ComboFix.exe
[2011/03/15 20:16:04 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Flash_Disinfector.exe
[2011/03/14 20:00:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/14 19:37:56 | 000,754,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sarah\Desktop\OTL.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sarah\Desktop\TDSSKiller.exe
[2011/03/09 21:58:37 | 000,568,656 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sarah\My Documents\GoogleEarthSetup.exe
[2011/03/07 22:39:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
[2011/03/02 21:32:33 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/23 11:14:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/03/21 19:01:45 | 736,276,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/20 10:03:40 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\avenger.exe
[2011/03/20 10:03:12 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\avenger.zip
[2011/03/16 19:11:41 | 000,170,397 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\OTLmgr.exe
[2011/03/15 22:19:08 | 004,287,930 | R--- | C] () -- C:\Documents and Settings\Sarah\Desktop\ComboFix.exe
[2011/03/15 21:42:57 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/03/15 20:46:06 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\Flash_Disinfector.exe
[2011/03/14 20:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/02 21:32:33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/09/14 21:03:37 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/14 20:22:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 20:22:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 20:22:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 20:22:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 20:22:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/10 21:51:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\LOGO.INI
[2009/09/30 19:59:45 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini
[2008/10/20 20:55:11 | 000,001,247 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/03 17:34:19 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/28 19:24:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\fusioncache.dat
[2007/01/28 19:03:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/02 22:36:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/02 22:35:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/02 22:35:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007/01/02 22:35:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007/01/02 22:35:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007/01/02 22:35:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007/01/02 22:35:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007/01/02 22:35:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007/01/02 22:35:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/02/13 18:11:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/13 17:55:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/13 17:53:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/13 17:47:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/13 17:40:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/13 17:39:56 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/13 16:33:23 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/13 16:32:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/13 16:32:49 | 000,476,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/13 16:32:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/13 16:32:49 | 000,085,700 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/13 16:32:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/13 16:32:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/13 16:32:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/13 16:32:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/13 16:32:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/13 16:32:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/13 16:32:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/13 16:32:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 04:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2000/06/22 06:09:24 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2000/05/11 06:52:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\Indounin.dll
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

< End of report >
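The OTL log above still lists an O20 Winlogon UserInit entry pointing at the executable that The Avenger had just deleted. The following is an added example, not part of the original posts and not code from OTL or its author, showing one way to flag such lines when reading a log like this one; the function names are hypothetical, and the expected defaults assume a Windows XP install with %SystemRoot% = C:\WINDOWS, as reported in the log header.

```python
import re

# Sample input: the first three lines are copied from the log above,
# the last one is a constructed example of a healthy UserInit entry.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\kqjugoya\swxhqriq.exe) - C:\Program Files\kqjugoya\swxhqriq.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# OTL prints Winlogon values as:
#   O20 - <hive> Winlogon: <name> - (<registry value>) - <resolved file and vendor>
O20_RE = re.compile(r"^O20 - (HKLM|HKCU) Winlogon: (\w+) - \((.*?)\) - (.*)$")


def expected_values(system_root=r"C:\WINDOWS"):
    """Default Shell and Userinit values for the given system root (assumed XP layout)."""
    root = system_root.lower()
    return {
        "shell": {"explorer.exe", root + r"\explorer.exe"},
        "userinit": {root + r"\system32\userinit.exe"},
    }


def audit_winlogon(log_text, system_root=r"C:\WINDOWS"):
    """Return a finding for every O20 Shell/UserInit line that deviates from defaults.

    Winlogon launches whatever these values name at every logon, so both a
    non-default entry and an entry whose target no longer exists need to be
    repaired in the registry, not only deleted from disk.
    """
    expected = expected_values(system_root)
    findings = []
    for line in log_text.splitlines():
        match = O20_RE.match(line.strip())
        if not match:
            continue
        hive, name, value, resolved = match.groups()
        allowed = expected.get(name.lower())
        if allowed is None:
            continue  # only Shell and UserInit are audited here

        # The value may hold several comma-separated programs; the stock
        # Userinit value itself ends with a trailing comma.
        entries = [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]

        reasons = []
        if not entries or any(e not in allowed for e in entries):
            reasons.append("non-default value")
        if resolved.rstrip().lower().endswith("file not found"):
            reasons.append("target missing")
        if reasons:
            findings.append(
                {"hive": hive, "name": name, "value": value, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in audit_winlogon(SAMPLE_LOG):
        print(finding["hive"], finding["name"], finding["value"], finding["reasons"])
```
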

#20 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 23 March 2011 - 01:02 PM

Hey,

Sorry for the late reply. Just to let you know, we've almost cleaned the computer entirely, but there are 2-3 files that keep respawning whatever we do, so let's try something else, that would probably fix it:

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2


    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror


    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror


  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image


  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:

    Posted Image


  • Please also decompress eeepcfr to your systemroot (usually C:\).

  • Empty the flash drive you want to install OTLPE on.

  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.

  • Press any key when asked to in the black window that opens.

  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image



  • Click on Start, accept the disclaimers and wait for the program to finish.

Your bootable flash drive should now be ready!


  • Reboot your system using the boot USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • As the USB needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D


  • Your system should now display a Reatogo desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save". Paste its contents into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#21 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 23 March 2011 - 04:13 PM

Hi,

Hit an obstacle. I can't create a bootable USB stick because every time I insert it, it's got the Recycler Virus. I delete the folders and within seconds it comes back.

So I tried the Flash Disinfector, which allows me to delete the virus, but as soon as I format it to copy the OTLPE files to it, the recycler virus comes back.

Because this folder called recycler and some shortcuts keep appearing on any USB stick I use, my laptop isn't recognising it at the start when I boot my system, even though I've changed the boot order to USB.

Any other ideas? Thanks OB

#22 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 24 March 2011 - 06:14 AM

Hey,

Can you please use a clean USB and try to make it bootable on a clean computer?
If you can't, I can give you instructions to create a bootable CD.

#23 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 24 March 2011 - 12:04 PM

Hi,

I burnt the ISO image file of OTLPE to a disk. Restarted my laptop booting from the cd and it comes up saying reatogo is starting up, then I get an error message saying

File\i386\system32\ntoskrnl.exe could not be loaded
The error code is 32768

Setup cannot continue. Press any key to exit

Any ideas where to go from here? Thanks OB

#24 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 24 March 2011 - 12:28 PM

Hey,

Please delete your copy of Combofix and OTL and do this:


Download OTL to C:

Please download ComboFix from Here or Here to C:\


After this, you should have ComboFix.exe and OTL.exe in C:\. After this, I want you not to boot again in normal Windows mode, only using the below mode, and if it's possible, only use your computer for executing my instructions. Every time your computer restarts, do this:

Reboot your computer. When it's starting up, continuously press the F8 key.
You should see a black screen with some options, select Safe Mode with Command Prompt.
Log in to your account, and then you should see a black box. Type:
explorer.exe

Explorer should start up and then you should be able to run programs. From there, do this:

Next:


  • Please, never rename Combofix unless instructed.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Next:

If ComboFix restarted your computer, please follow the same procedure as before to log in to Safe Mode with Command Prompt and run a scan with OTL. Post it here.

#25 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 24 March 2011 - 01:18 PM

Done as requested. See logs. Many Thanks

ComboFix 11-03-24.01 - Sarah 24/03/2011 18:58:51.5.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.531 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: AVG Internet Security *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\IEXPLOREmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 18:48 . 2011-03-24 18:48 580608 ----a-w- C:\OTL.exe
2011-03-24 00:04 . 2011-03-24 00:04 -------- d-----w- C:\$AVG
2011-03-23 23:29 . 2011-03-23 23:29 -------- d-sh--w- c:\documents and settings\Sarah\UserData
2011-03-23 22:29 . 2011-03-23 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2011-03-23 22:29 . 2011-03-24 00:16 -------- d-----w- c:\program files\Autorun Eater
2011-03-23 22:07 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 22:07 . 2011-03-23 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 22:07 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 20:19 . 2008-01-24 13:44 -------- d-----w- C:\eeepcfr
2011-03-23 00:07 . 2011-03-23 23:27 170397 ----a-w- c:\windows\explorermgr.exe
2011-03-22 23:55 . 2011-03-22 23:55 -------- d-----w- c:\program files\Microsoft Works
2011-03-22 23:53 . 2011-03-22 23:53 -------- d-----w- c:\program files\Microsoft.NET
2011-03-22 23:51 . 2011-03-22 23:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-22 23:49 . 2011-03-22 23:54 -------- d-----w- c:\windows\SHELLNEW
2011-03-22 23:48 . 2011-03-22 23:48 -------- d-----r- C:\MSOCache
2011-03-21 19:19 . 2011-03-21 19:19 -------- d-----w- c:\program files\kqjugoya
2011-03-19 18:40 . 2011-03-19 18:40 -------- d-----w- C:\_OTS
2011-03-15 21:54 . 2011-03-15 21:54 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\VS Revo Group
2011-03-15 20:20 . 2011-03-15 20:20 -------- d-----w- C:\_OTL
2011-03-02 20:55 . 2011-03-02 20:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-02 20:24 . 2011-03-10 19:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-02 19:48 . 2011-03-02 20:55 -------- d-----w- C:\rei
2011-03-02 19:48 . 2011-03-02 19:48 -------- d-----w- c:\program files\Reimage
2011-03-02 19:09 . 2011-03-02 20:55 -------- d-s---w- c:\documents and settings\Administrator.SARAHSLAPTOP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-02-13 16:32 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-13 16:32 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-13 16:32 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2010-09-14_20.39.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-13 22:06 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-10-13 22:10 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2360131-IE8\update\spcustom.dll
+ 2010-10-13 22:10 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2360131-IE8\spmsg.dll
+ 2010-10-13 21:14 . 2010-09-10 05:57 12800 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\xpshims.dll
+ 2010-10-13 21:14 . 2010-09-10 05:57 66560 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtmled.dll
+ 2010-10-13 21:14 . 2010-09-10 05:57 55296 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeedsbs.dll
+ 2010-10-13 21:14 . 2010-09-10 05:57 43520 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\licmgr10.dll
+ 2010-10-13 21:14 . 2010-09-10 05:57 25600 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\jsproxy.dll
+ 2010-09-14 20:59 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-09-14 20:59 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-10-13 22:12 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-13 22:12 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-12-14 23:54 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-14 23:54 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2010-10-13 22:13 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-13 22:13 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll
+ 2010-09-14 20:58 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-09-14 20:58 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-09-14 20:58 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
+ 2010-09-14 20:58 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-17 11:53 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2010-09-14 22:12 . 2010-11-01 20:21 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2010-09-14 22:12 . 2010-11-01 20:21 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
+ 2010-09-14 22:12 . 2010-11-01 20:21 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
- 2010-08-12 19:40 . 2010-08-12 19:40 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 19:40 . 2010-08-12 19:40 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-12-04 22:19 . 2008-12-04 22:19 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
- 2008-12-04 22:19 . 2008-12-04 22:19 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2010-09-14 20:59 . 2008-05-03 11:55 2560 c:\windows\$NtUninstallKB982802$\xpsp4res.dll
+ 2010-10-13 22:06 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-13 22:12 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2010-10-13 20:58 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-13 16:33 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
+ 2006-02-13 16:33 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 916480 c:\windows\system32\wininet.dll
- 2006-02-13 16:32 . 2010-06-24 12:22 916480 c:\windows\system32\wininet.dll
+ 2006-02-13 16:32 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2006-02-13 16:32 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2006-02-13 16:32 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2006-02-13 16:32 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2011-03-22 23:57 . 2006-10-26 19:56 864080 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2011-03-22 23:57 . 2006-10-26 19:56 864080 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
- 2006-02-13 16:32 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2006-02-13 16:32 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
+ 2006-02-13 16:32 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2011-03-02 20:55 . 2011-03-02 20:56 449040 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-13 16:32 . 2010-11-01 20:11 476890 c:\windows\system32\perfh009.dat
- 2006-02-13 16:32 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2006-02-13 16:32 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2006-02-13 16:32 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2006-02-13 16:32 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2006-02-13 16:32 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2006-11-07 21:03 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2006-10-18 20:47 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll
- 2006-10-18 20:47 . 2006-10-18 20:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-02-13 16:32 . 2010-09-18 11:23 974848 c:\windows\system32\mfc42u.dll
+ 2006-02-13 16:32 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2006-02-13 16:32 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2006-02-13 16:32 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2010-09-09 21:54 . 2010-09-14 21:33 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
- 2010-09-09 21:54 . 2010-09-09 21:54 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
- 2010-09-09 21:54 . 2010-09-09 21:54 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll
+ 2010-09-09 21:54 . 2010-09-14 21:33 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll
+ 2006-02-13 16:32 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2006-02-13 16:32 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
- 2006-02-13 16:32 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2006-02-13 16:32 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2007-05-16 15:12 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
- 2006-02-13 16:32 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2006-02-13 16:32 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-13 16:32 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2006-02-13 17:39 . 2011-03-23 19:43 273376 c:\windows\system32\FNTCACHE.DAT
- 2006-02-13 17:39 . 2010-09-14 18:30 273376 c:\windows\system32\FNTCACHE.DAT
+ 2006-02-13 16:32 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2006-02-13 17:45 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2006-02-13 16:33 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2006-02-13 16:33 . 2008-04-14 00:12 293376 c:\windows\system32\dllcache\winsrv.dll
- 2006-02-13 16:32 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-02-13 16:32 . 2008-04-14 00:12 406016 c:\windows\system32\dllcache\usp10.dll
+ 2006-02-13 16:32 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2006-02-13 16:32 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-02-13 16:32 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-02-13 16:32 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
- 2006-02-13 16:32 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2006-02-13 16:32 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2006-02-13 16:32 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2006-02-13 16:32 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-02-13 16:32 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2006-02-13 16:32 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
- 2006-02-13 16:32 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-02-13 16:32 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
- 2006-02-13 16:32 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-02-13 17:47 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2006-02-13 17:47 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2007-05-14 20:29 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-02-13 17:47 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2006-02-13 17:47 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
- 2006-02-13 17:47 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2006-02-13 17:47 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2006-02-13 17:47 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
+ 2006-02-13 17:47 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2006-02-13 17:47 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2006-02-13 17:47 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2006-02-13 16:32 . 2010-09-18 11:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2006-02-13 16:32 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2006-02-13 16:32 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2006-02-13 16:32 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
- 2006-02-13 16:32 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-02-13 16:32 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2006-02-13 16:32 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2006-02-13 16:32 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-05-16 15:12 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-07-25 10:07 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-07-25 10:07 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-13 16:32 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-12 10:19 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-12 10:19 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-02-13 16:32 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-13 16:32 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-13 16:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-02-13 16:32 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2006-02-13 16:32 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2006-02-13 16:32 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2006-02-13 16:32 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2006-02-13 16:32 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2011-03-02 20:24 . 2008-12-05 23:33 151022 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
+ 2010-09-22 08:43 . 2010-09-22 08:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-23 04:31 . 2010-03-23 04:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-23 01:26 . 2010-09-23 01:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 13:51 . 2010-03-31 13:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 01:25 . 2010-09-23 01:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 13:49 . 2010-03-31 13:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 14:32 . 2010-03-31 14:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 02:17 . 2010-09-23 02:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 20:02 . 2010-09-23 20:02 798208 c:\windows\Installer\902804.msp
+ 2011-03-22 23:52 . 2011-03-22 23:52 501248 c:\windows\Installer\8f405.msi
+ 2011-03-22 23:51 . 2011-03-22 23:51 501248 c:\windows\Installer\8f3f1.msi
+ 2011-03-22 23:51 . 2011-03-22 23:51 506880 c:\windows\Installer\8f3ec.msi
+ 2011-03-22 23:51 . 2011-03-22 23:51 516608 c:\windows\Installer\8f3e6.msi
+ 2011-03-22 23:51 . 2011-03-22 23:51 513024 c:\windows\Installer\8f3e0.msi
+ 2011-03-22 23:50 . 2011-03-22 23:50 501248 c:\windows\Installer\8f3d6.msi
+ 2011-03-22 23:49 . 2011-03-22 23:49 501248 c:\windows\Installer\8f3b8.msi
+ 2010-09-14 21:13 . 2010-09-14 21:13 318464 c:\windows\Installer\6ed68.msi
+ 2011-03-22 23:49 . 2011-03-22 23:49 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-11-07 23:49 . 2009-11-07 23:49 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-04 22:22 . 2010-08-12 19:43 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-03-22 23:58 . 2011-03-22 23:58 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-02-10 23:57 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 23:57 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 23:57 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 23:57 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 23:57 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 23:57 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 23:57 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 23:57 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 23:57 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 23:57 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 23:57 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-14 23:53 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-14 23:53 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-14 23:53 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-14 23:53 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-14 23:53 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-14 23:53 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-14 23:53 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-14 23:53 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-14 23:53 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-14 23:53 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-14 23:53 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2010-10-13 22:10 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-13 22:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-13 22:10 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-13 22:10 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-13 22:10 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-13 22:10 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-13 22:10 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-13 22:10 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-13 22:10 . 2010-06-24 12:21 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-13 22:10 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-13 22:10 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-10 22:15 . 2010-10-10 22:15 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f21765aa\System.Drawing.dll
+ 2010-10-10 22:16 . 2010-10-10 22:16 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_07a63e52\System.Drawing.Design.dll
+ 2010-10-10 22:16 . 2010-10-10 22:16 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2ed9cf8a\CustomMarshalers.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 121856 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\d566459df91105353ed256ef20c23589\XPBurnComponent.ni.dll
+ 2010-10-11 22:02 . 2010-10-11 22:02 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\9b8b20805029a1e9fc07d091d2b5032b\WsatConfig.ni.exe
+ 2010-10-11 18:55 . 2010-10-11 18:55 266752 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\e1b7da8fa863437bd9986e361deceef6\WindowsFormsIntegration.ni.dll
+ 2010-10-11 18:54 . 2010-10-11 18:54 190464 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\e2d4333e4cae3ef0d2cf4d0183729f23\UIAutomationTypes.ni.dll
+ 2010-10-11 18:53 . 2010-10-11 18:53 460288 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a6bf843c22cb80c6197686cb34bde0d7\UIAutomationClient.ni.dll
+ 2010-10-12 20:36 . 2010-10-12 20:36 530944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\40573489c93390ca3cb0917a3d987913\System.Xml.Linq.ni.dll
+ 2010-10-12 20:33 . 2010-10-12 20:33 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e3fce78c31ef0dd33db1fd8b8eacd6af\System.Web.Routing.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 205824 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\7887cd104677bcbfc078b31a6a2af812\System.Web.RegularExpressions.ni.dll
+ 2010-10-12 20:31 . 2010-10-12 20:31 895488 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a324036a7baf7414b093df3f0b992cce\System.Web.Extensions.Design.ni.dll
+ 2010-10-12 20:26 . 2010-10-12 20:26 406528 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5c17bd39e0760e57dac473988654f6bf\System.Web.Entity.ni.dll
+ 2010-10-12 20:27 . 2010-10-12 20:27 302080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fe195fe9abe30ff9e531616d7f9d283e\System.Web.Entity.Design.ni.dll
+ 2010-10-12 20:25 . 2010-10-12 20:25 659968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b4b0295973b668eb19b90b5b8093f991\System.Web.DynamicData.ni.dll
+ 2010-10-12 20:32 . 2010-10-12 20:32 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9d1bf5c10c80ff70429a811d4aa9e0f\System.Web.Abstractions.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 677376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\6ed8bb6d2fa8a7312f9428a2ec5b4187\System.Transactions.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 217600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a1be3e5888796b50113b04f4b52c8240\System.ServiceProcess.ni.dll
+ 2010-12-08 21:03 . 2010-12-08 21:03 721920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1835c5fab20bd78435b9989574de05f5\System.Security.ni.dll
+ 2010-12-08 21:03 . 2010-12-08 21:03 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\41d8caeda0b3e85112454e86f2f3a512\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 804352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f58a72b75c8a06d9330de2cdaa81d3aa\System.Runtime.Remoting.ni.dll
+ 2010-10-12 20:19 . 2010-10-12 20:19 695808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e14f8b3ab31658ab1479480641b9811f\System.Net.ni.dll
+ 2010-10-12 20:18 . 2010-10-12 20:18 342528 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\ba5a24776400c850b7ad12e92c813eb0\System.Management.Instrumentation.ni.dll
+ 2010-10-12 20:17 . 2010-10-12 20:17 418304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\cb224a37f0437a9b00c1fc1df3016b17\System.IO.Log.ni.dll
+ 2010-10-12 20:17 . 2010-10-12 20:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\137363ae6a48e501b22c6ba02f6e7cd2\System.IdentityModel.Selectors.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 283648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ebe16d44c3b72d80be4614ff393f1ae2\System.EnterpriseServices.Wrapper.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 646144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ebe16d44c3b72d80be4614ff393f1ae2\System.EnterpriseServices.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\efeb0f82897425dc5a309fb043986aeb\System.Drawing.Design.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 473088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\dcc9f25dcdf050d7d18351b72d9f7a81\System.DirectoryServices.Protocols.ni.dll
+ 2010-10-12 20:12 . 2010-10-12 20:12 996352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\fd3f3490f23367ed4d6c272a1022a2fd\System.Data.Services.Client.ni.dll
+ 2010-10-12 20:12 . 2010-10-12 20:12 484352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\889797b28368bf0a12b6ea3717306229\System.Data.Services.Design.ni.dll
+ 2010-10-12 20:11 . 2010-10-12 20:11 942080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\79de713eed85c5080c9790e6e6c4645a\System.Data.Entity.Design.ni.dll
+ 2010-10-12 19:48 . 2010-10-12 19:48 139776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\2af91204a22c35955cf68d1121ae8188\System.Data.DataSetExtensions.ni.dll
+ 2010-12-08 21:03 . 2010-12-08 21:03 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\708cff76a0a28088578c58d35a27ca4c\System.Configuration.Install.ni.dll
+ 2010-10-12 20:24 . 2010-10-12 20:24 117248 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\6bb03314fcce89975257176bc313a28e\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-10-12 20:33 . 2010-10-12 20:33 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\96dc6ed32802151e8471645310cb8328\System.AddIn.ni.dll
+ 2010-10-11 22:02 . 2010-10-11 22:02 432640 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\2e50e01a80533aba9fab4301208e03ed\SMSvcHost.ni.exe
+ 2010-10-12 19:46 . 2010-10-12 19:46 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\94d8bf65aecae484f127b3faa1d0e7ae\SMDiagnostics.ni.dll
+ 2010-10-11 21:36 . 2010-10-11 21:36 355328 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a01fc2e98af74dc62ff1077740d0619f\ServiceModelReg.ni.exe
+ 2010-10-11 18:43 . 2010-10-11 18:43 556032 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e65f93aa743ab83825e739e23a0f951f\PresentationFramework.Luna.ni.dll
+ 2010-10-11 18:44 . 2010-10-11 18:44 275456 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9b45c932503d05112a37d5fd320c8366\PresentationFramework.Royale.ni.dll
+ 2010-10-11 18:43 . 2010-10-11 18:43 406016 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7fc5ce14918556b97ea34e28e3c991e4\PresentationFramework.Aero.ni.dll
+ 2010-10-11 18:43 . 2010-10-11 18:43 240640 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6d3981621a40a37e12c76f7e609b4c55\PresentationFramework.Classic.ni.dll
+ 2010-10-11 22:09 . 2010-10-11 22:09 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\ccc59cdb5faf42d9a0be9715249b99e4\MSBuild.ni.exe
+ 2010-10-12 18:19 . 2010-10-12 18:19 397312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\46736665861d8c0f21b586263ea55a77\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\b616ee24e91c8351ed003da86f4a62d7\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\94712b4875917bf4fcad38cd7c12f6a7\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 164864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\91a08a9a88476799f03c15002f96d88f\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2010-10-11 22:13 . 2010-10-11 22:13 178688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d075f1b7efb44ddb55c19e569b23dc38\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-10-11 22:12 . 2010-10-11 22:12 146944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a1a63861259b2a1cefff028360a7ede\Microsoft.Build.Utilities.ni.dll
+ 2010-10-11 22:10 . 2010-10-11 22:10 868864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ccaeff42950a8d1533487cc527affbe0\Microsoft.Build.Engine.ni.dll
+ 2010-10-11 22:10 . 2010-10-11 22:10 241152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\54091ca56523e3daee13673c7c700783\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 233984 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\a8eda00f66f979b825a6e5f904e2b9b5\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 201728 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\88a9761c9e0744786964ab6ca87142b9\Interop.WUApiLib.ni.dll
+ 2010-12-08 21:03 . 2010-12-08 21:03 439296 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\a2fde2b02bb35a27423776d33a4e1d08\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2010-12-08 21:04 . 2010-12-08 21:04 395264 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\3e14f96b4bbe25ae6b5415a01c609456\DriversHQ.DriverDetective.Common.ni.dll
+ 2010-10-11 22:09 . 2010-10-11 22:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\903a2669d816f17a8eccd8442355585e\CustomMarshalers.ni.dll
+ 2010-10-11 21:34 . 2010-10-11 21:34 456192 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\d65f017fbc80047a0909872c8e1f9390\ComSvcConfig.ni.exe
+ 2010-10-11 21:30 . 2010-10-11 21:30 862720 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\951e9b1884afaacf88aecaa9c9f70f23\AspNetMMCExt.ni.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-12 19:41 . 2010-08-12 19:41 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-12 19:41 . 2010-08-12 19:41 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-12 19:41 . 2010-08-12 19:41 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-08-12 19:41 . 2010-08-12 19:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 330520 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 105248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 211736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 609104 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-12 19:40 . 2010-08-12 19:40 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-12 19:41 . 2010-08-12 19:41 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-10 22:17 . 2010-10-10 22:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 367400 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 118112 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 416544 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2008-12-04 22:19 . 2008-12-04 22:19 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2011-03-22 23:55 . 2011-03-22 23:55 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
- 2008-12-04 22:18 . 2008-12-04 22:18 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 781104 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2008-12-04 22:18 . 2008-12-04 22:18 232248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 232248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 248632 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
- 2008-12-04 22:18 . 2008-12-04 22:18 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 146232 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2008-12-04 22:18 . 2008-12-04 22:18 146232 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 404296 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
- 2008-12-04 22:19 . 2008-12-04 22:19 404296 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2011-03-22 23:54 . 2011-03-22 23:54 150320 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
- 2008-12-04 22:19 . 2008-12-04 22:19 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2011-03-22 23:55 . 2011-03-22 23:55 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
+ 2010-09-14 20:59 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll
+ 2010-10-13 22:11 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll
+ 2010-10-13 22:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
+ 2010-10-13 22:11 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
+ 2010-10-13 22:06 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll
+ 2010-10-13 22:06 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
+ 2010-09-14 20:58 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-09-14 20:58 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-09-14 20:58 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-09-14 20:57 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\updspapi.dll
+ 2010-09-14 20:57 . 2008-07-08 13:02 755576 c:\windows\$NtUninstallKB980195$\update.exe
+ 2010-09-14 20:57 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst.exe
+ 2010-10-13 22:11 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe
+ 2010-10-13 22:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
+ 2010-10-13 22:11 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
+ 2010-09-14 20:59 . 2007-07-27 22:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-09-14 20:59 . 2007-07-27 22:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-09-14 20:59 . 2006-10-18 20:47 317440 c:\windows\$NtUninstallKB975558_WM8$\mp4sdecd.dll
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-11 00:01 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-11 00:01 . 2008-04-14 00:12 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-11 00:01 . 2009-06-25 08:25 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 23:55 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 23:55 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 23:55 . 2009-06-25 08:25 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 23:56 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 23:56 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2010-12-14 23:52 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-14 23:52 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-14 23:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-14 23:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-14 23:53 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-14 23:53 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-14 23:53 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-14 23:53 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-14 23:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-14 23:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-14 23:48 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-14 23:48 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2011-01-12 23:44 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-12 23:44 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-12 23:44 . 2008-04-14 00:12 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-12 23:44 . 2008-04-14 00:12 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-12 23:44 . 2008-04-14 00:11 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-12 23:44 . 2008-04-14 00:11 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-12 23:44 . 2008-04-14 00:11 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-12 23:44 . 2008-04-14 00:11 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-10 23:55 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 23:55 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 23:55 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2010-10-13 22:13 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
+ 2010-10-13 22:13 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
+ 2010-10-13 22:13 . 2006-10-14 08:13 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll
+ 2010-10-13 22:13 . 2008-04-14 00:11 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll
+ 2010-10-13 22:13 . 2004-08-04 12:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll
+ 2010-10-13 22:12 . 2007-07-27 22:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
+ 2010-10-13 22:12 . 2007-07-27 22:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2010-10-13 22:06 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
+ 2010-10-13 22:06 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
+ 2010-10-13 22:06 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
+ 2010-09-14 20:59 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-09-14 20:59 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-13 22:12 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys
+ 2010-10-13 22:12 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
+ 2010-10-13 22:12 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
+ 2010-12-14 23:54 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-14 23:54 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-14 23:54 . 2010-09-01 11:51 285824 c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2010-10-13 22:12 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
+ 2010-10-13 22:12 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
+ 2010-10-13 22:12 . 2008-04-14 00:11 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll
+ 2010-10-13 22:13 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll
+ 2010-10-13 22:13 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
+ 2010-10-13 22:13 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2279986$\atmfd.dll
+ 2010-09-14 20:58 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-09-14 20:58 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-09-28 23:12 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-09-28 23:12 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-09-14 20:58 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-09-14 20:58 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-09-14 20:58 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-09-14 20:59 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-09-14 20:59 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll
+ 2010-09-14 20:59 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe
+ 2010-09-14 20:59 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe
+ 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
+ 2010-10-13 22:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
+ 2010-10-13 22:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe
+ 2010-10-13 22:11 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe
+ 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
+ 2010-10-13 22:06 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981957\update\updspapi.dll
+ 2010-10-13 22:06 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981957\update\update.exe
+ 2010-10-13 22:06 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981957\spuninst.exe
+ 2010-09-14 20:59 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-09-14 20:59 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-09-14 20:59 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-10-13 22:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
+ 2010-10-13 22:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe
+ 2010-10-13 22:11 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe
+ 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
- 2009-02-25 22:16 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2009-02-25 22:16 . 2008-07-09 13:08 382840 c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 23:57 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 23:57 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 23:57 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-10 18:48 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-10 18:49 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-10 18:49 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-10 18:48 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-10 18:49 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-10 18:49 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-10 18:48 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-10 18:48 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-10 18:49 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-11 00:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-11 00:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-11 00:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 23:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 23:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 23:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 23:56 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 23:56 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 23:56 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2010-12-14 23:52 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-14 23:52 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-14 23:52 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-14 23:53 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-14 23:53 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-14 23:53 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-14 23:53 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-14 23:53 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-14 23:53 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-14 23:52 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-14 23:52 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-14 23:52 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-14 23:48 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-14 23:48 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-14 23:48 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-12 23:44 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 23:44 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 23:44 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-14 23:53 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-14 23:53 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-14 23:53 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-14 19:55 . 2010-11-06 00:27 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-14 19:55 . 2010-11-06 00:27 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-14 19:55 . 2010-11-06 00:27 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-14 19:55 . 2010-11-06 00:27 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-14 19:55 . 2010-11-06 00:27 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sarah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-08 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 577536]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 557056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 23:43 59240]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [19/10/2006 12:24 5504]
S1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [02/03/2011 21:30 55224]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43 169320]
S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\drivers\Ca536av.sys [30/09/2009 19:59 514859]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/09/2010 22:54 136176]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 23:43 767208]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 14:05 1021256]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys [16/02/2011 20:09 18872]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 06:24 10064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - OSE
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-24 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 22:54]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 22:54]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006Core.job
- c:\documents and settings\Sarah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-08 21:19]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006UA.job
- c:\documents and settings\Sarah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-08 21:19]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
2011-03-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Sarah\Start Menu\Programs\Startup\swxhqriq.exe 170397 bytes executable
C:\swxhqriq.exe 170397 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-24 19:09:14
ComboFix-quarantined-files.txt 2011-03-24 19:08
ComboFix2.txt 2011-03-17 17:57
ComboFix3.txt 2011-03-16 19:48
ComboFix4.txt 2011-03-15 22:43
ComboFix5.txt 2011-03-24 18:57
.
Pre-Run: 25,146,478,592 bytes free
Post-Run: 25,361,956,864 bytes free
.
- - End Of File - - 2FC55DF308DB7AB09AE4A79EB60414A8

OTL logfile created on: 24/03/2011 19:11:51 - Run 8
OTL by OldTimer - Version 3.2.22.3 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.00 Mb Total Physical Memory | 448.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.67 Gb Free Space | 63.55% Space Free | Partition Type: NTFS

Computer Name: SARAHSLAPTOP | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
DRV - (RapportIaso) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (EKBfltr) -- C:\WINDOWS\system32\drivers\EKBfltr.sys (EnE Technology Inc.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Ca536av) Icatch(VII) -- C:\WINDOWS\system32\drivers\Ca536av.sys (Digital Camera)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (USBCamera) Icatch(VII) -- C:\WINDOWS\system32\drivers\Bulk536.sys (USB BULK)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/24 19:05:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 17:49:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 22:44:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 19:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/24 18:48:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/03/24 00:04:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/03/23 23:29:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sarah\UserData
[2011/03/23 22:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/03/23 22:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/03/23 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/03/23 22:07:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/23 22:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/23 22:07:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/23 22:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/23 20:19:59 | 000,000,000 | ---D | C] -- C:\eeepcfr
[2011/03/22 23:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/03/22 23:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/03/22 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/03/22 23:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/03/22 23:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/22 23:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/03/22 23:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/03/22 23:48:03 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/03/21 19:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\kqjugoya
[2011/03/20 10:06:00 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/03/19 18:40:26 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/03/15 22:44:02 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/03/15 22:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/15 22:11:27 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sarah\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/15 21:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Local Settings\Application Data\VS Revo Group
[2011/03/15 20:20:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/10 19:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/09 22:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/09 21:59:08 | 000,568,656 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Sarah\My Documents\GoogleEarthSetup.exe
[2011/03/02 21:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sarah\Recent
[2011/03/02 21:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/03/02 20:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/02 20:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/02 19:48:36 | 000,000,000 | ---D | C] -- C:\rei
[2011/03/02 19:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/03/02 19:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/02 19:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/03/24 19:05:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/24 18:52:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 18:49:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2011/03/24 18:49:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 18:49:11 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/24 18:49:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
[2011/03/24 18:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/03/24 18:48:26 | 004,301,567 | R--- | M] () -- C:\ComboFix.exe
[2011/03/24 00:24:02 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006UA.job
[2011/03/24 00:07:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/23 23:27:58 | 000,170,397 | ---- | M] () -- C:\WINDOWS\explorermgr.exe
[2011/03/23 21:24:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006Core.job
[2011/03/23 19:43:40 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/18 20:37:29 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Google Chrome.lnk
[2011/03/18 20:37:29 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/15 22:11:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sarah\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/15 21:42:57 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/03/15 20:16:04 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Flash_Disinfector.exe
[2011/03/14 20:00:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/09 21:58:37 | 000,568,656 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sarah\My Documents\GoogleEarthSetup.exe
[2011/03/07 22:39:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
[2011/03/02 21:32:33 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/23 11:14:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/03/24 18:48:13 | 004,301,567 | R--- | C] () -- C:\ComboFix.exe
[2011/03/23 00:07:26 | 000,170,397 | ---- | C] () -- C:\WINDOWS\explorermgr.exe
[2011/03/15 21:42:57 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/03/15 20:46:06 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\Flash_Disinfector.exe
[2011/03/14 20:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/02 21:32:33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/09/14 21:03:37 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/14 20:22:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 20:22:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 20:22:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 20:22:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 20:22:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/10 21:51:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\LOGO.INI
[2009/09/30 19:59:45 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini
[2008/10/20 20:55:11 | 000,001,247 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/03 17:34:19 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/28 19:24:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\fusioncache.dat
[2007/01/28 19:03:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/02 22:36:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/02 22:35:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/02 22:35:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007/01/02 22:35:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007/01/02 22:35:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007/01/02 22:35:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007/01/02 22:35:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007/01/02 22:35:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007/01/02 22:35:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/02/13 18:11:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/13 17:55:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/13 17:53:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/13 17:47:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/13 17:40:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/13 17:39:56 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/13 16:33:23 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/13 16:32:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/13 16:32:49 | 000,476,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/13 16:32:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/13 16:32:49 | 000,085,700 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/13 16:32:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/13 16:32:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/13 16:32:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/13 16:32:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/13 16:32:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/13 16:32:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/13 16:32:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/13 16:32:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 04:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2000/06/22 06:09:24 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2000/05/11 06:52:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\Indounin.dll
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

< End of report >

#26 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 24 March 2011 - 01:37 PM

Hey,

Log in safe mode with command prompt.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

Rootkit::
c:\windows\explorermgr.exe
c:\program files\kqjugoya
c:\documents and settings\Sarah\Start Menu\Programs\Startup\swxhqriq.exe
C:\swxhqriq.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Next:



  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop:
    Attached File  scan.txt (104bytes)
    You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open a notepad window. OTL.Txt.
      It's saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic


#27 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 24 March 2011 - 02:22 PM

See attached logs. Thanks so much for your time and effort. OB

ComboFix 11-03-24.01 - Sarah 24/03/2011 20:02:23.6.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.526 [GMT 0:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt.txt
AV: AVG Internet Security *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 18:48 . 2011-03-24 18:48 580608 ----a-w- C:\OTL.exe
2011-03-24 00:04 . 2011-03-24 00:04 -------- d-----w- C:\$AVG
2011-03-23 22:29 . 2011-03-23 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2011-03-23 22:29 . 2011-03-24 00:16 -------- d-----w- c:\program files\Autorun Eater
2011-03-23 22:07 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 22:07 . 2011-03-23 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 22:07 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 20:19 . 2008-01-24 13:44 -------- d-----w- C:\eeepcfr
2011-03-23 00:07 . 2011-03-23 23:27 170397 ----a-w- c:\windows\explorermgr.exe
2011-03-22 23:55 . 2011-03-22 23:55 -------- d-----w- c:\program files\Microsoft Works
2011-03-22 23:53 . 2011-03-22 23:53 -------- d-----w- c:\program files\Microsoft.NET
2011-03-22 23:51 . 2011-03-22 23:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-22 23:49 . 2011-03-22 23:54 -------- d-----w- c:\windows\SHELLNEW
2011-03-22 23:48 . 2011-03-22 23:48 -------- d-----r- C:\MSOCache
2011-03-21 19:19 . 2011-03-24 19:53 -------- d-----w- c:\program files\kqjugoya
2011-03-19 18:40 . 2011-03-19 18:40 -------- d-----w- C:\_OTS
2011-03-15 21:54 . 2011-03-15 21:54 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\VS Revo Group
2011-03-15 20:20 . 2011-03-15 20:20 -------- d-----w- C:\_OTL
2011-03-02 20:55 . 2011-03-02 20:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-02 20:24 . 2011-03-10 19:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-02 19:48 . 2011-03-02 20:55 -------- d-----w- C:\rei
2011-03-02 19:48 . 2011-03-02 19:48 -------- d-----w- c:\program files\Reimage
2011-03-02 19:09 . 2011-03-02 20:55 -------- d-s---w- c:\documents and settings\Administrator.SARAHSLAPTOP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-02-13 16:32 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-13 16:32 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-13 16:32 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sarah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-08 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 577536]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 557056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 23:43 59240]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [19/10/2006 12:24 5504]
S1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [02/03/2011 21:30 55224]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43 169320]
S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\drivers\Ca536av.sys [30/09/2009 19:59 514859]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/09/2010 22:54 136176]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 23:43 767208]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 14:05 1021256]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys [16/02/2011 20:09 18872]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 06:24 10064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-24 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 22:54]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 22:54]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006Core.job
- c:\documents and settings\Sarah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-08 21:19]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006UA.job
- c:\documents and settings\Sarah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-08 21:19]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
2011-03-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Sarah\Start Menu\Programs\Startup\swxhqriq.exe 170397 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-03-24 20:12:40
ComboFix-quarantined-files.txt 2011-03-24 20:12
ComboFix2.txt 2011-03-24 19:09
ComboFix3.txt 2011-03-17 17:57
ComboFix4.txt 2011-03-16 19:48
ComboFix5.txt 2011-03-24 20:01
.
Pre-Run: 25,402,466,304 bytes free
Post-Run: 25,362,022,400 bytes free
.
- - End Of File - - C8B18D95EEA9F52BE3CB77FC8B05DD61


OTL logfile created on: 24/03/2011 20:17:19 - Run 9
OTL by OldTimer - Version 3.2.22.3 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.67 Gb Free Space | 63.55% Space Free | Partition Type: NTFS

Computer Name: SARAHSLAPTOP | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
DRV - (RapportIaso) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (EKBfltr) -- C:\WINDOWS\system32\drivers\EKBfltr.sys (EnE Technology Inc.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Ca536av) Icatch(VII) -- C:\WINDOWS\system32\drivers\Ca536av.sys (Digital Camera)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (USBCamera) Icatch(VII) -- C:\WINDOWS\system32\drivers\Bulk536.sys (USB BULK)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/24 19:05:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 17:49:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 22:44:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 20:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/24 18:48:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/03/24 00:04:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/03/23 22:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/03/23 22:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/03/23 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/03/23 22:07:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/23 22:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/23 22:07:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/23 22:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/23 20:19:59 | 000,000,000 | ---D | C] -- C:\eeepcfr
[2011/03/22 23:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/03/22 23:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/03/22 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/03/22 23:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/03/22 23:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/22 23:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/03/22 23:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/03/22 23:48:03 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/03/21 19:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\kqjugoya
[2011/03/20 10:06:00 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/03/19 18:40:26 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/03/15 22:44:02 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/03/15 22:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/15 22:11:27 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sarah\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/15 21:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Local Settings\Application Data\VS Revo Group
[2011/03/15 20:20:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/10 19:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/09 22:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/02 21:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sarah\Recent
[2011/03/02 21:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/03/02 20:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/02 20:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/02 19:48:36 | 000,000,000 | ---D | C] -- C:\rei
[2011/03/02 19:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/03/02 19:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/02 19:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/03/24 19:55:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 19:53:34 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2011/03/24 19:53:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 19:52:58 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/24 19:52:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
[2011/03/24 19:05:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/24 18:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/03/24 18:48:26 | 004,301,567 | R--- | M] () -- C:\ComboFix.exe
[2011/03/24 00:24:02 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006UA.job
[2011/03/24 00:07:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/23 23:27:58 | 000,170,397 | ---- | M] () -- C:\WINDOWS\explorermgr.exe
[2011/03/23 21:24:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2543581181-1836738841-1604031686-1006Core.job
[2011/03/23 19:43:40 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/18 20:37:29 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Google Chrome.lnk
[2011/03/18 20:37:29 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/15 22:11:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sarah\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/15 21:42:57 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/03/15 20:16:04 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Flash_Disinfector.exe
[2011/03/14 20:00:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/07 22:39:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2543581181-1836738841-1604031686-1006.job
[2011/03/02 21:32:33 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/23 11:14:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/03/24 18:48:13 | 004,301,567 | R--- | C] () -- C:\ComboFix.exe
[2011/03/23 00:07:26 | 000,170,397 | ---- | C] () -- C:\WINDOWS\explorermgr.exe
[2011/03/15 21:42:57 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/03/15 20:46:06 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\Flash_Disinfector.exe
[2011/03/14 20:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/02 21:32:33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/09/14 21:03:37 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/14 20:22:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 20:22:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 20:22:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 20:22:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 20:22:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/10 21:51:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\LOGO.INI
[2009/09/30 19:59:45 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini
[2008/10/20 20:55:11 | 000,001,247 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/03 17:34:19 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/28 19:24:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\fusioncache.dat
[2007/01/28 19:03:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/02 22:36:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/02 22:35:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/02 22:35:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007/01/02 22:35:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007/01/02 22:35:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007/01/02 22:35:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007/01/02 22:35:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007/01/02 22:35:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007/01/02 22:35:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007/01/02 22:35:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/02/13 18:11:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/13 17:55:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/13 17:53:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/13 17:47:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/13 17:40:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/13 17:39:56 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/13 16:33:23 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/13 16:32:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/13 16:32:49 | 000,476,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/13 16:32:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/13 16:32:49 | 000,085,700 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/13 16:32:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/13 16:32:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/13 16:32:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/13 16:32:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/13 16:32:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/13 16:32:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/13 16:32:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/13 16:32:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 04:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2000/06/22 06:09:24 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2000/05/11 06:52:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\Indounin.dll
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2008/10/16 21:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2011/03/23 22:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/03/24 18:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/24 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/18 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/01/18 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/08 21:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/01/28 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2008/08/29 18:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/14 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/04/21 21:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/01/10 20:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/19 13:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/21 21:36:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/04/09 16:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Arkadium
[2010/12/08 21:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\FUJIFILM
[2010/09/11 20:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\InterTrust
[2007/01/28 19:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\IsolatedStorage
[2010/09/14 22:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Trusteer
[2008/02/20 22:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\TuneUp Software
[2009/08/19 14:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\UseNeXT
[2008/08/29 18:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\WinPatrol
[2011/03/24 19:53:34 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NTDLL.DLL >
[2010/12/09 15:15:41 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=15CE4DBC22FAB90B3CA5352AF1FFF81C -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[2008/04/14 00:11:24 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll
[2008/04/14 00:11:24 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
[2009/02/09 12:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation) MD5=911DDF2E16761643A47225F654D811E5 -- C:\WINDOWS\$NtUninstallKB2393802$\ntdll.dll
[2009/02/09 10:56:35 | 000,715,264 | ---- | M] (Microsoft Corporation) MD5=B0913005EE3FC15D7F72472D0B8A30EB -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[2004/08/03 23:56:38 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\cmdcons\SYSTEM32\NTDLL.DLL
[2004/08/04 12:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll
[2004/08/04 12:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\WINDOWS\I386\NTDLL.DLL
[2004/08/04 12:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\WINDOWS\I386\SYSTEM32\NTDLL.DLL
[2010/12/09 15:15:09 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=F8F0D25CA553E39DDE485D8FC7FCCE89 -- C:\WINDOWS\system32\dllcache\ntdll.dll
[2010/12/09 15:15:09 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=F8F0D25CA553E39DDE485D8FC7FCCE89 -- C:\WINDOWS\system32\ntdll.dll

< End of report >

#28 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 25 March 2011 - 04:10 AM

Hey,

Ok, let's try a final thing before I ask for some advice:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

#29 owainb

  • Group: Member
  • Posts: 63
  • Joined: 04-November 05

Posted 25 March 2011 - 05:35 AM

Please see log as requested. Thanks OB

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-25 11:33:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHW2040BH rev.00000012
Running: gmer.exe; Driver: C:\DOCUME~1\Sarah\LOCALS~1\Temp\fxddrpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF60CCFE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF60CD996]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xF7FD699C]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwDeleteFile [0xF7FD59F8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xF60D136C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xF60D139E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xF60D1500]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF60CDA5A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xF60CD128]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xF60CD31A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF60CD44C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF60D1476]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF60D13E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF60D1412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF60D1444]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF60CCF8A]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwSetInformationFile [0xF7FD5A6C]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwSetValueKey [0xF7FD6878]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF60CCF26]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwTerminateProcess [0xF7FD597E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF60CCEC2]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwQueryValueKey + 349 80619259 7 Bytes JMP F841F8B8

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\svchost.exe[248] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\svchost.exe[248] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[284] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\System32\svchost.exe[392] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[392] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\System32\svchost.exe[392] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\System32\svchost.exe[392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\System32\svchost.exe[392] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\System32\svchost.exe[392] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\svchost.exe[460] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[460] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[492] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Documents and Settings\Sarah\Desktop\gmer.exe[576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Documents and Settings\Sarah\Desktop\gmer.exe[576] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Documents and Settings\Sarah\Desktop\gmer.exe[576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Documents and Settings\Sarah\Desktop\gmer.exe[576] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[580] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[580] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[580] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022
? C:\WINDOWS\Explorer.EXE[732] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\Explorer.EXE[732] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004E8E3
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004DF3E
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004E5C4
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004E99E
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004DEDF
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004E9CB
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004DEAA
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004E9F8
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004E7C8
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004E721
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004DF11
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004EA1F
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004DE64
.text C:\WINDOWS\Explorer.EXE[732] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004DE1E
? C:\WINDOWS\system32\svchost.exe[872] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\svchost.exe[972] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\ctfmon.exe[1280] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\ctfmon.exe[1280] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\ctfmon.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\ctfmon.exe[1280] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
? C:\WINDOWS\System32\smss.exe[1436] time/date stamp mismatch;
.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\spoolsv.exe[1464] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001D268
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001D583
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001D872
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001D21A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001D6D6
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001D51E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001D5EE
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001D7A1
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001D65F
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1560] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001D268
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001D583
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001D872
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001D21A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001D6D6
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001D51E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001D5EE
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001D7A1
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001D65F
.text C:\Program Files\Bonjour\mDNSResponder.exe[1580] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\system32\csrss.exe[1596] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[1596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\csrss.exe[1596] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\csrss.exe[1596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\csrss.exe[1596] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
? C:\WINDOWS\system32\winlogon.exe[1624] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[1624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\winlogon.exe[1624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\winlogon.exe[1624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\winlogon.exe[1624] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\winlogon.exe[1624] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\services.exe[1708] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[1708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\services.exe[1708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\services.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\services.exe[1708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\services.exe[1708] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
.text C:\WINDOWS\system32\lsass.exe[1720] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\lsass.exe[1720] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\lsass.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\lsass.exe[1720] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\lsass.exe[1720] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\svchost.exe[1892] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001D268
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001D583
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001D872
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001D21A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001D6D6
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001D51E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001D5EE
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001D7A1
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001D65F
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\system32\svchost.exe[1972] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004D65F
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2008] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2008] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2008] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2008] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
? C:\WINDOWS\System32\svchost.exe[2340] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\System32\svchost.exe[2340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\System32\svchost.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\System32\svchost.exe[2340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3052] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\wscntfy.exe[3136] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\wscntfy.exe[3136] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\wscntfy.exe[3136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\wscntfy.exe[3136] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\System32\alg.exe[3252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\System32\alg.exe[3252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\System32\alg.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\System32\alg.exe[3252] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001D268
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001D583
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001D872
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001D21A
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001D6D6
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001D51E
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001D5EE
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001D7A1
.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001D65F
.text C:\WINDOWS\SOUNDMAN.EXE[3420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\SOUNDMAN.EXE[3420] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\SOUNDMAN.EXE[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\SOUNDMAN.EXE[3420] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\sm56hlpr.exe[3428] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\sm56hlpr.exe[3428] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\sm56hlpr.exe[3428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\sm56hlpr.exe[3428] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2001E8E3
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2001DF3E
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2001E5C4
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2001E99E
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2001DEDF
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2001E9CB
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2001DEAA
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2001E9F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2001E7C8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2001E721
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2001DF11
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2001EA1F
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2001DE64
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3452] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2001DE1E
.text C:\Documents and Settings\Sarah\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\Documents and Settings\Sarah\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\Documents and Settings\Sarah\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\Documents and Settings\Sarah\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3536] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001D268
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001D583
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001D872
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001D21A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001D6D6
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001D51E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001D5EE
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001D7A1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3600] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001D65F

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator.SARAHSLAPTOP.000\Start Menu\Programs\Startup\swxhqriq.exe 170397 bytes executable
File C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics2010.tudb-journal 4640 bytes
File C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\swxhqriq.exe 170397 bytes executable
File C:\Program Files\kqjugoya\swxhqriq.exe 170397 bytes executable
File C:\swxhqriq.exe 170397 bytes executable
File C:\_OTL\MovedFiles\03162011_191007\C_Program Files\kqjugoya\swxhqriq.exe 170397 bytes executable
File C:\_OTS\MovedFiles\03192011_184026\C_Program Files\kqjugoya\swxhqriq.exe 170397 bytes executable

---- EOF - GMER 1.0.15 ----

#30 michaelg9

  • Group: Malware Removal
  • Posts: 2,862
  • Joined: 19-June 09

Posted 25 March 2011 - 05:45 AM

Hey,
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output and None at the top
  • Download the following file scan.txt to your Desktop:
    Attached File  scan.txt (74bytes)
    You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open a Notepad window with OTL.Txt.
      It's saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic

