Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Recovery


  • This topic is locked This topic is locked

#1
niewczyk

niewczyk

    Member

  • Member
  • PipPip
  • 24 posts
I turned my windows XP system on and this Windows Recovery program takes over my computer on bootup.
It starts scanning my system and it also eliminated all my desktop icons. Help! I'm in uncharted
territory. I've tried running MalwareBytes in safe mode. While that found some stuff and claimed to take care of it, Windows Recovery is still takes over. I've since turn off my system till I get some help.
Thanks for your time.

Dave

Attached Files

  • Attached File  OTL.Txt   4.21KB   106 downloads

  • 0

Advertisements


#2
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

If you can't see the OTL.exe file on the desktop after downloading it, please follow these instructions: http://www.bleepingc...l62.html#winxp. That should make the OTL.exe file visible.
  • 0

#3
niewczyk

niewczyk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry for the delay in response. I had an emergency to take care of.
I only got a OTL.txt file. No Extras.txt files were produced.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.
Folder C:\ProgramData\mLhJnNi15302\ not found.
C:\windows\msdownld.tmp folder deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Basia\Desktop\need dont delete\cmd.bat deleted successfully.
C:\Users\Basia\Desktop\need dont delete\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\MyWebSearch not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Basia
->Temp folder emptied: 98637485 bytes
->Temporary Internet Files folder emptied: 97853173 bytes
->Java cache emptied: 170090 bytes
->Flash cache emptied: 142139 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48300766 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 4485 bytes

Total Files Cleaned = 234.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Basia
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.20.6 log created on 03132011_195440
Files\Folders moved on Reboot...
C:\Users\Basia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O1IBHWOO\ads[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O1IBHWOO\clk[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O1IBHWOO\iframe3[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IM8YQB0Z\launch[1].txt moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IM8YQB0Z\openmail.app[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H15D5O56\blank[1].html moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H15D5O56\blank[2].html moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H15D5O56\page__pid__1976763[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H15D5O56\st[1] moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CR49SBTQ\openmail.app[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9P7STIDY\fc[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18GG4GWD\ads[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18GG4GWD\openmail.app[1].htm moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Basia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...

Attached Files

  • Attached File  OTL.Txt   4.21KB   120 downloads

  • 0

#4
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
That's not the right file. Let's try something else.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection.
  • Double click dds.com to run the tool..
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.
  • 0

#5
niewczyk

niewczyk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the contents of the DDS.txt

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Robert Newman at 10:35:10 on 2011-06-11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1373 [GMT -4:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Robert Newman\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ADVANC~1\wh_exec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\WuGaCYNWxIaQ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\Documents and Settings\All Users\Application Data\20832036.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WuGaCYNWxIaQ] c:\documents and settings\all users\application data\WuGaCYNWxIaQ.exe
mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PaperPort PTD] c:\paprport\pptd40nt.exe
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Transfer by Image Converter 2
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {96C30426-C5F3-43d4-9DF1-2423D90C9E56} - {505B1BAA-923C-4B5A-83EC-C1AE66AC6608} - c:\program files\selected links\LEServer.dll
Trusted Zone: weissresearchissues.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{5486C9D3-D5B0-402B-B50E-D1C1235EB862} : DhcpNameServer = 68.237.161.12 71.250.0.12
TCP: Interfaces\{B87D3BAA-3A8D-4E55-A31F-8AEDD55F735B} : DhcpNameServer = 68.237.161.12 71.250.0.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert newman\application data\mozilla\firefox\profiles\utofwx2x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C} - c:\documents and settings\robert newman\local settings\application data\{ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 PPort;PPort;c:\windows\system32\drivers\PPORT.SYS [2006-11-8 13376]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-29 532224]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 Yahoo! Zimbra Desktop Service;Yahoo! Zimbra Desktop Service;c:\documents and settings\robert newman\local settings\application data\zimbra\zdesktop\zdesktop.exe [2008-12-6 139264]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-25 6784]
S2 eac_notifysvc;eAcceleration Notification Service;"c:\progra~1\eaccel~1\framew~1\eac_svc.exe" --> c:\progra~1\eaccel~1\framew~1\eac_svc.exe [?]
S2 eac_productsvc;eAcceleration Product Manager Service;"c:\progra~1\eaccel~1\framew~1\eac_productsvc.exe" --> c:\progra~1\eaccel~1\framew~1\eac_productsvc.exe [?]
S3 mipsinf;mipsinf;\??\c:\windows\system32\mipsinf.sys --> c:\windows\system32\mipsinf.sys [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2006-2-26 91841]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-06-08 01:36:16 438784 ---ha-w- c:\documents and settings\all users\application data\20832036.exe
2011-05-06 02:06:06 116224 ----a-w- c:\windows\system32\drivers\1206B.sys
2011-05-06 02:05:57 510976 ---ha-w- c:\documents and settings\all users\application data\WuGaCYNWxIaQ.exe
.
============= FINISH: 10:39:10.95 ===============
  • 0

#6
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#7
niewczyk

niewczyk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks. I have control back to my computer.
I don't have all the icons on my desktop I had before the virus occured.
Also my Mozilla Thunderbird and Firefox doesn't seem to want to connect to the internet.
I can't access a web page from Firefox and Thunderbird won't connect to the email server.
Is there anthing else in the log file to take care of?

Dave

ComboFix 11-06-11.01 - Robert Newman 06/11/2011 21:22:30.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1488 [GMT -4:00]
Running from: c:\documents and settings\Robert Newman\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\20832036.exe
c:\documents and settings\All Users\Application Data\WuGaCYNWxIaQ.exe
c:\documents and settings\Robert Newman\Application Data\FFSJ
c:\documents and settings\Robert Newman\Application Data\FFSJ\FFSJ.cfg
c:\documents and settings\Robert Newman\Application Data\Xygauh
c:\documents and settings\Robert Newman\Application Data\Xygauh\ciax.hie
c:\documents and settings\Robert Newman\Application Data\Xygauh\ciax.tmp
c:\documents and settings\Robert Newman\Desktop\Windows Recovery.lnk
c:\documents and settings\Robert Newman\Start Menu\Programs\Windows Recovery
c:\documents and settings\Robert Newman\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\documents and settings\Robert Newman\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
c:\documents and settings\Robert Newman\WINDOWS
c:\windows\IsUn0415.exe
c:\windows\system32\regobj.dll
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 02:06 . 2011-05-06 02:06 116224 ----a-w- c:\windows\system32\drivers\1206B.sys
.
.
((((((((((((((((((((((((((((( [email protected]_20.18.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-12 01:17 . 2011-06-12 01:17 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
+ 2011-06-12 01:17 . 2011-06-12 01:17 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
- 2005-06-13 19:00 . 2010-11-07 21:17 75500 c:\windows\system32\perfc009.dat
+ 2005-06-13 19:00 . 2011-04-20 01:29 75500 c:\windows\system32\perfc009.dat
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2006-11-08 02:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2005-06-13 19:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2003-08-18 19:26 . 2003-08-18 19:26 25872 c:\windows\system32\FM20ENU.DLL
- 2009-06-29 01:00 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-29 01:00 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-08-20 10:53 . 2004-08-04 12:00 52352 c:\windows\system32\dllcache\volsnap.sys
- 2007-05-12 10:49 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-12 10:49 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:25 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-20 10:54 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2011-05-06 02:09 . 2011-05-06 02:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-13 19:14 . 2011-05-06 02:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-13 19:14 . 2010-09-23 13:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-05-06 02:09 . 2011-05-06 02:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-01-29 14:08 . 2004-01-29 14:08 32768 c:\windows\system32\ATHPRXY.DLL
- 2001-01-22 08:25 . 2001-01-22 08:25 32768 c:\windows\system32\ATHPRXY.DLL
+ 2005-06-13 19:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-11-14 21:38 . 2005-11-14 21:38 72192 c:\windows\Installer\35eb66.msp
- 2006-10-30 15:15 . 2010-09-24 01:25 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2011-02-22 03:28 . 2011-02-22 03:28 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-06-19 02:00 . 2009-06-19 02:00 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-02 19:35 . 2009-04-02 19:35 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
+ 2009-04-02 19:35 . 2009-04-02 19:35 68496 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
+ 2006-10-27 01:13 . 2006-10-27 01:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
+ 2007-03-21 22:58 . 2007-03-21 22:58 24416 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2006-10-27 01:07 . 2006-10-27 01:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
+ 2007-03-21 23:00 . 2007-03-21 23:00 72096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2011-02-21 03:16 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EB.tmp\PresentationCFFRasterizer.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-02-21 03:24 . 2011-02-21 03:24 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2011-02-21 03:24 . 2011-02-21 03:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-01-29 22:11 . 2010-01-29 22:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-21 03:16 . 2004-08-04 12:00 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2011-02-21 03:16 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2011-02-21 03:16 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2011-02-21 03:25 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2011-02-21 03:25 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2011-02-21 03:17 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2011-02-21 03:17 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2011-02-21 03:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2011-02-21 03:16 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\$hf_mig$\KB979482\SP3GDR\asycfilt.dll
+ 2010-03-05 14:48 . 2010-03-05 14:48 65536 c:\windows\$hf_mig$\KB979482\SP2QFE\asycfilt.dll
+ 2011-02-21 03:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2011-02-21 03:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2006-10-30 15:15 . 2010-09-24 01:25 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-01-30 07:20 . 2010-01-30 07:20 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-10-25 02:15 . 2008-10-25 02:15 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-10-25 02:15 . 2008-10-25 02:15 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2008-10-25 02:15 . 2008-10-25 02:15 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
- 2005-06-13 19:00 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
+ 2005-06-13 19:00 . 2011-04-20 01:29 450952 c:\windows\system32\perfh009.dat
- 2005-06-13 19:00 . 2010-11-07 21:17 450952 c:\windows\system32\perfh009.dat
- 2005-06-13 19:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2005-06-13 19:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 02:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
+ 2011-03-25 23:57 . 2011-03-25 23:57 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
- 2005-06-13 19:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2005-06-13 19:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2005-06-13 19:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2005-06-13 19:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2005-06-13 12:05 . 2010-05-19 21:11 388000 c:\windows\system32\FNTCACHE.DAT
+ 2005-06-13 12:05 . 2011-02-21 23:36 388000 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-10 05:25 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:25 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-10-17 17:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:25 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-12 10:49 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-29 01:00 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-29 01:00 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:25 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:25 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-02-20 19:33 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 08:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:27 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 08:26 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-20 19:43 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-04-20 05:51 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2005-06-13 19:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
- 2005-06-13 19:00 . 2004-08-04 12:00 285696 c:\windows\system32\atmfd.dll
- 2005-06-13 19:11 . 2004-08-04 12:00 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2005-06-13 19:11 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\d6aaa.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\d3e86f.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\ca5d95.msp
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\ca5d32.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\a4bdb7.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\9d9e0c.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\36394d7.msp
+ 2008-07-23 04:20 . 2008-07-23 04:20 110592 c:\windows\Installer\35ebb6.msp
+ 2009-04-20 19:59 . 2009-04-20 19:59 219648 c:\windows\Installer\35eba4.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\35eb7a.msp
+ 2009-11-05 19:21 . 2009-11-05 19:21 537600 c:\windows\Installer\35eb3d.msp
+ 2010-11-16 17:54 . 2010-11-16 17:54 906240 c:\windows\Installer\35ea05.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\28aab7.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\15ff2d3.msp
+ 2006-06-13 19:12 . 2006-06-13 19:12 509440 c:\windows\Installer\10f8ecf.msp
+ 2006-10-30 15:15 . 2011-02-25 03:17 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-10-30 15:15 . 2010-09-24 01:25 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2006-10-30 15:15 . 2011-02-25 03:17 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2006-10-27 00:49 . 2006-10-27 00:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
+ 2007-05-10 13:04 . 2007-05-10 13:04 846248 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2006-10-27 00:12 . 2006-10-27 00:12 396592 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2011-02-21 03:16 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-02-21 03:16 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-02-21 03:16 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-02-21 03:16 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-02-21 03:16 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-02-21 03:16 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-02-21 23:45 . 2011-02-21 23:45 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2011-02-21 23:42 . 2011-02-21 23:42 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2011-02-22 00:04 . 2011-02-22 00:04 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2011-02-21 23:44 . 2011-02-21 23:44 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2011-02-21 03:16 . 2011-02-21 03:16 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2011-02-21 23:45 . 2011-02-21 23:45 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2011-02-21 23:41 . 2011-02-21 23:41 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2011-02-21 23:41 . 2011-02-21 23:41 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2011-02-21 23:41 . 2011-02-21 23:41 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2011-02-21 23:45 . 2011-02-21 23:45 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2011-02-21 23:45 . 2011-02-21 23:45 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-01-29 22:11 . 2010-01-29 22:11 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2011-02-21 03:25 . 2004-08-04 12:00 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2011-02-21 03:25 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2011-02-21 03:25 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2011-02-21 03:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2011-02-21 03:17 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2011-02-21 03:16 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2011-02-21 03:16 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2011-02-21 03:16 . 2007-07-28 04:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2011-02-21 03:16 . 2007-07-28 04:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2011-02-21 03:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2011-02-21 03:15 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2011-02-21 03:25 . 2010-02-23 00:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2011-02-21 03:25 . 2004-08-04 12:00 743936 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2011-02-21 03:16 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2011-02-21 03:16 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2011-02-21 03:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2011-02-20 19:33 . 2010-05-06 10:36 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-20 19:33 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-21 03:25 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2011-02-21 03:25 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\$hf_mig$\KB980218\SP3GDR\atmfd.dll
+ 2010-04-20 05:42 . 2010-04-20 05:42 285824 c:\windows\$hf_mig$\KB980218\SP2QFE\atmfd.dll
+ 2011-02-21 03:25 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2011-02-21 03:25 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2011-02-21 03:25 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2011-02-21 03:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2011-02-21 03:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2011-02-21 03:17 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2011-02-21 03:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2011-02-21 03:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2011-02-21 03:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2011-02-21 03:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2011-02-21 03:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2011-02-21 03:15 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2011-02-21 03:25 . 2010-02-23 00:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2011-02-21 03:25 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2011-02-21 03:25 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2011-02-20 19:43 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2011-02-20 19:43 . 2010-06-14 14:31 744448 c:\windows\$hf_mig$\KB2229593\SP3GDR\helpsvc.exe
+ 2011-02-20 19:43 . 2010-06-14 15:13 744448 c:\windows\$hf_mig$\KB2229593\SP2QFE\helpsvc.exe
+ 2005-06-13 19:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-08-20 10:53 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
+ 2005-06-13 19:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2005-06-13 19:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2010-06-09 18:47 . 2011-05-10 03:03 5787004 c:\windows\system32\Restore\rstrlog.dat
+ 2005-06-13 19:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
- 2005-06-13 19:00 . 2009-11-27 17:33 1291264 c:\windows\system32\quartz.dll
+ 2005-06-13 19:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2011-03-25 23:57 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-10-17 16:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2009-08-20 20:09 . 2009-08-20 20:09 1193832 c:\windows\system32\FM20.DLL
+ 2005-06-13 19:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-08-20 10:53 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2005-06-13 19:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2005-06-13 19:00 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 10:53 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-08-20 10:53 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-05-19 15:06 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-12 10:49 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-12 10:49 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\d6ab0.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\d6aad.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\d3e87d.msp
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\d3e87b.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\d3e872.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\d3e86d.msp
+ 2009-04-24 17:31 . 2009-04-24 17:31 1425920 c:\windows\Installer\d3e865.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\d3e85b.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\d3e850.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\ca5d9b.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\ca5d98.msp
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\ca5d84.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\ca5d3e.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\ca5d3d.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\a4bdbd.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\a4bdba.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\9d9e12.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\9d9e0f.msp
+ 2006-07-18 20:01 . 2006-07-18 20:01 9136128 c:\windows\Installer\811753.msp
+ 2006-04-19 17:00 . 2006-04-19 17:00 2165248 c:\windows\Installer\811750.msp
+ 2006-07-18 20:01 . 2006-07-18 20:01 9136128 c:\windows\Installer\72ae8b.msp
+ 2006-04-19 17:00 . 2006-04-19 17:00 2165248 c:\windows\Installer\72ae88.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\36394dd.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\36394da.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\35ebb8.msp
+ 2010-10-04 21:00 . 2010-10-04 21:00 7973888 c:\windows\Installer\35eb92.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\35eb7d.msp
+ 2008-09-04 20:52 . 2008-09-04 20:52 4337664 c:\windows\Installer\35eb78.msp
+ 2010-08-09 21:44 . 2010-08-09 21:44 3778048 c:\windows\Installer\35eb53.msp
+ 2010-01-11 21:35 . 2010-01-11 21:35 4480000 c:\windows\Installer\35eb12.msp
+ 2006-02-27 21:31 . 2006-02-27 21:31 1269248 c:\windows\Installer\35eaff.msp
+ 2010-10-04 18:59 . 2010-10-04 18:59 8300032 c:\windows\Installer\35eaed.msp
+ 2006-03-28 20:37 . 2006-03-28 20:37 6956032 c:\windows\Installer\35eadb.msp
+ 2006-08-29 22:50 . 2006-08-29 22:50 3210240 c:\windows\Installer\35eac6.msp
+ 2010-10-04 18:55 . 2010-10-04 18:55 9629696 c:\windows\Installer\35eab3.msp
+ 2010-08-27 18:36 . 2010-08-27 18:36 2807296 c:\windows\Installer\35ea9f.msp
+ 2004-03-10 14:13 . 2004-03-10 14:13 2602496 c:\windows\Installer\35ea85.msp
+ 2010-08-18 15:19 . 2010-08-18 15:19 8400896 c:\windows\Installer\35ea73.msp
+ 2004-09-13 05:35 . 2004-09-13 05:35 1452544 c:\windows\Installer\35ea60.msp
+ 2009-08-20 20:27 . 2009-08-20 20:27 3622400 c:\windows\Installer\35ea18.msp
+ 2010-05-24 18:54 . 2010-05-24 18:54 6704640 c:\windows\Installer\35e9c6.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\28aabd.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\28aaba.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\15ff2d9.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\15ff2d6.msp
+ 2006-09-19 21:13 . 2006-09-19 21:13 8272896 c:\windows\Installer\10f8ed5.msp
+ 2006-09-19 16:23 . 2006-09-19 16:23 9137152 c:\windows\Installer\10f8ed2.msp
+ 2009-04-03 22:57 . 2009-04-03 22:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-04-02 19:35 . 2009-04-02 19:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2009-02-05 16:36 . 2009-02-05 16:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OGL.DLL
+ 2007-03-21 22:58 . 2007-03-21 22:58 4145520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-05-10 14:11 . 2007-05-10 14:11 1767256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2006-10-27 19:18 . 2006-10-27 19:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-03-21 22:56 . 2007-03-21 22:56 8425856 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2011-02-21 03:16 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-02-21 03:16 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-02-21 03:24 . 2011-02-21 03:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2011-02-21 03:17 . 2011-02-21 03:17 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2011-02-22 00:04 . 2011-02-22 00:04 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2011-02-22 00:04 . 2011-02-22 00:04 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2011-02-22 00:04 . 2011-02-22 00:04 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2011-02-21 23:44 . 2011-02-21 23:44 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2011-02-21 23:44 . 2011-02-21 23:44 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2011-02-21 03:16 . 2011-02-21 03:16 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2011-02-21 03:16 . 2011-02-21 03:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2011-02-21 03:16 . 2011-02-21 03:16 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2011-02-21 03:16 . 2011-02-21 03:16 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2011-02-21 23:42 . 2011-02-21 23:42 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2011-02-21 23:47 . 2011-02-21 23:47 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-02-21 23:46 . 2011-02-21 23:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2011-02-21 03:24 . 2011-02-21 03:24 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-02-21 03:14 . 2011-02-21 03:14 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-02-21 03:24 . 2011-02-21 03:24 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-02-21 03:24 . 2011-02-21 03:24 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-01-29 22:11 . 2010-01-29 22:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-02-21 03:23 . 2011-02-21 03:23 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-01-30 07:20 . 2010-01-30 07:20 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-02-21 03:17 . 2009-08-14 12:19 1850112 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2011-02-21 03:16 . 2009-05-20 08:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2011-02-21 03:15 . 2009-11-27 17:33 1291264 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2011-02-20 19:33 . 2010-05-06 10:36 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-05-02 05:22 . 2010-05-02 05:22 1851264 c:\windows\$hf_mig$\KB979559\SP3GDR\win32k.sys
+ 2010-05-02 07:09 . 2010-05-02 07:09 1859968 c:\windows\$hf_mig$\KB979559\SP2QFE\win32k.sys
+ 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-02-05 18:27 . 2010-02-05 18:27 1291776 c:\windows\$hf_mig$\KB975562\SP3GDR\quartz.dll
+ 2010-02-05 18:14 . 2010-02-05 18:14 1291776 c:\windows\$hf_mig$\KB975562\SP2QFE\quartz.dll
+ 2005-12-28 02:36 . 2011-02-04 22:34 37443528 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2007-05-12 10:49 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\d6aa7.msp
+ 2004-01-30 08:19 . 2004-01-30 08:19 56269996 c:\windows\Installer\d6aa5.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\d3e852.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\ca5d92.msp
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\ca5d90.msp
+ 2009-04-04 12:35 . 2009-04-04 12:35 38325760 c:\windows\Installer\ca5d6a.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\ca5d4c.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\a4bdb4.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\9d9e09.msp
+ 2005-08-17 00:46 . 2005-08-17 00:46 32520704 c:\windows\Installer\81174d.msp
+ 2005-08-17 00:46 . 2005-08-17 00:46 32520704 c:\windows\Installer\72ae85.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\36394d4.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\35eb3f.msp
+ 2005-09-25 16:46 . 2005-09-25 16:46 16084480 c:\windows\Installer\35eb2a.msp
+ 2009-07-20 17:03 . 2009-07-20 17:03 16465408 c:\windows\Installer\35e9ed.msp
+ 2010-08-18 15:12 . 2010-08-18 15:12 17516032 c:\windows\Installer\35e9d9.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\28aab4.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\15ff2d0.msp
+ 2007-07-08 16:29 . 2007-07-08 16:29 37514240 c:\windows\Installer\10f8ecc.msp
+ 2009-04-03 23:01 . 2009-04-03 23:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 23:46 . 2009-04-03 23:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\MSO.DLL
+ 2007-05-10 14:25 . 2007-05-10 14:25 14677368 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2007-05-08 15:10 . 2007-05-08 15:10 16874376 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
+ 2011-02-21 03:16 . 2010-02-25 15:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-02-21 03:17 . 2011-02-21 03:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2011-02-21 23:48 . 2011-02-21 23:48 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2011-02-21 23:45 . 2011-02-21 23:45 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2011-02-21 03:16 . 2011-02-21 03:16 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2011-02-21 23:40 . 2011-02-21 23:40 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2011-02-21 03:25 . 2011-02-21 03:25 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
+ 2010-05-06 21:06 . 2010-05-06 21:06 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 77824]
"PaperPort PTD"="c:\paprport\pptd40nt.exe" [2010-12-05 0]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 2748928]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
backup=c:\windows\pss\Logitech Harmony Remote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
backup=c:\windows\pss\Printkey2000.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robert Newman^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 17:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-01-12 16:10 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-08 03:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-04-28 18:15 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\2nd Story Software\\TaxACT 2007\\TaxAct07.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\WinSCP3\\WinSCP.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 PPort;PPort;c:\windows\system32\drivers\PPORT.SYS [11/8/2006 11:26 AM 13376]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 AM 6784]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 8:47 AM 98304]
S2 eac_notifysvc;eAcceleration Notification Service;"c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe" --> c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [?]
S2 eac_productsvc;eAcceleration Product Manager Service;"c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe" --> c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 7:40 AM 118784]
S2 Yahoo! Zimbra Desktop Service;Yahoo! Zimbra Desktop Service;c:\documents and settings\Robert Newman\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [12/6/2008 1:41 PM 139264]
S3 mipsinf;mipsinf;\??\c:\windows\system32\mipsinf.sys --> c:\windows\system32\mipsinf.sys [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/26/2006 7:29 PM 91841]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2008-08-20 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2005-06-13 12:00]
.
2008-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2010-05-18 c:\windows\Tasks\mixpadSevenDaysInit.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-05-18 01:40]
.
2011-02-15 c:\windows\Tasks\pixillionDowngrade.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-12-30 02:45]
.
2011-02-15 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-12-30 02:45]
.
2010-05-18 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-18 01:39]
.
2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{3E35D3D9-2854-439C-8A76-E40535F9045B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
2011-02-08 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-05-18 01:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpage.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Transfer by Image Converter 2
IE: {{96C30426-C5F3-43d4-9DF1-2423D90C9E56} - {505B1BAA-923C-4B5A-83EC-C1AE66AC6608} - c:\program files\Selected Links\LEServer.dll
Trusted Zone: weissresearchissues.com\www
FF - ProfilePath - c:\documents and settings\Robert Newman\Application Data\Mozilla\Firefox\Profiles\utofwx2x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C} - c:\documents and settings\Robert Newman\Local Settings\Application Data\{ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-WuGaCYNWxIaQ - c:\documents and settings\All Users\Application Data\WuGaCYNWxIaQ.exe
AddRemove-Wielki słownik polsko-angielski i angielsko-polski PWN-OXFORD - c:\windows\IsUn0415.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 21:33
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2011-06-11 21:36:38
ComboFix-quarantined-files.txt 2011-06-12 01:36
ComboFix2.txt 2011-02-20 20:21
ComboFix3.txt 2011-02-20 00:05
.
Pre-Run: 97,255,600,128 bytes free
Post-Run: 97,280,679,936 bytes free
.
- - End Of File - - A0169B385E1AB6152CD59E49F2796B74
  • 0

#8
niewczyk

niewczyk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thunderbird and Firefox are now working. I rebooted my system and everything worked.

Dave
  • 0

#9
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\drivers\1206B.sys
c:\windows\system32\mipsinf.sys
c:\windows\Tasks\$~$Sys0$.job

Folder::
c:\documents and settings\Robert Newman\Local Settings\Application Data\{ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C}

Firefox::
FF - ProfilePath - c:\documents and settings\Robert Newman\Application Data\Mozilla\Firefox\Profiles\utofwx2x.default\
FF - Ext: XULRunner: {ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C} - c:\documents and settings\Robert Newman\Local Settings\Application Data\{ECEB55C1-21B7-4AC5-B5EE-6970360E7F3C}

Driver::
mipsinf

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#10
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP