1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved This Machine is Possessed!

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2010/09/18.

Page 2 of 3
  1. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    + 2006-11-02 06:52 . 2006-11-02 09:40 145920 c:\windows\System32\msaudite.dll
    + 2009-11-18 15:04 . 2010-06-01 17:37 221568 c:\windows\System32\MpSigStub.exe
    + 2006-11-02 07:25 . 2006-09-18 21:33 673088 c:\windows\System32\mlang.dat
    + 2006-11-02 06:49 . 2006-11-02 09:46 924944 c:\windows\System32\mfc40u.dll
    + 2006-11-02 06:49 . 2006-11-02 09:46 924944 c:\windows\System32\mfc40.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 180224 c:\windows\System32\Macromed\Shockwave 10\Proj.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 475136 c:\windows\System32\Macromed\Shockwave 10\PluginPing.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 339968 c:\windows\System32\Macromed\Shockwave 10\Plugin.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 606208 c:\windows\System32\Macromed\Shockwave 10\iml32X.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 471040 c:\windows\System32\Macromed\Shockwave 10\Control.dll
    + 2010-08-16 01:16 . 2010-08-16 01:16 232912 c:\windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
    + 2010-08-16 01:16 . 2010-08-16 01:16 311760 c:\windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.dll
    + 2010-06-20 14:10 . 2010-06-20 14:10 231888 c:\windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
    + 2010-06-20 14:10 . 2010-06-20 14:10 311760 c:\windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.dll
    + 2006-11-02 06:25 . 2006-09-18 21:43 221600 c:\windows\System32\lanman.drv
    + 2010-08-11 20:49 . 2010-06-26 06:02 164352 c:\windows\System32\ieui.dll
    - 2010-03-31 15:23 . 2010-02-23 06:33 164352 c:\windows\System32\ieui.dll
    + 2010-08-11 20:49 . 2010-06-26 06:02 184320 c:\windows\System32\iepeers.dll
    - 2010-03-31 15:23 . 2010-02-23 06:33 184320 c:\windows\System32\iepeers.dll
    - 2010-03-31 15:23 . 2010-02-23 06:33 387584 c:\windows\System32\iedkcs32.dll
    + 2010-08-11 20:49 . 2010-06-26 06:02 387584 c:\windows\System32\iedkcs32.dll
    - 2010-03-31 15:23 . 2010-02-23 04:55 173056 c:\windows\System32\ie4uinit.exe
    + 2010-08-11 20:49 . 2010-06-26 04:24 173056 c:\windows\System32\ie4uinit.exe
    + 2004-05-27 20:00 . 2004-05-27 20:00 118784 c:\windows\System32\HPODXPAT.DLL
    + 2006-11-02 12:47 . 2010-08-11 22:09 249312 c:\windows\System32\FNTCACHE.DAT
    + 2006-11-02 06:47 . 2006-11-02 09:46 380957 c:\windows\System32\expsrv.dll
    + 2006-11-02 07:36 . 2006-11-02 09:50 112232 c:\windows\System32\drivers\vsmraid.sys
    + 2006-11-02 07:36 . 2006-11-02 09:50 115816 c:\windows\System32\drivers\ulsata2.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 235112 c:\windows\System32\drivers\uliahci.sys
    + 2010-08-11 20:46 . 2010-06-16 16:04 905088 c:\windows\System32\drivers\tcpip.sys
    + 2010-08-11 20:48 . 2010-06-18 15:04 144896 c:\windows\System32\drivers\srv2.sys
    - 2009-11-18 15:47 . 2009-11-18 15:47 144896 c:\windows\System32\drivers\srv2.sys
    + 2010-08-11 20:48 . 2010-06-18 15:04 302080 c:\windows\System32\drivers\srv.sys
    - 2010-02-10 17:08 . 2009-12-11 11:43 302080 c:\windows\System32\drivers\srv.sys
    + 2006-11-02 07:36 . 2006-11-02 09:50 106088 c:\windows\System32\drivers\ql40xx.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 900712 c:\windows\System32\drivers\ql2300.sys
    + 2009-06-18 23:48 . 2010-03-26 01:30 151216 c:\windows\System32\drivers\MpFilter.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 232040 c:\windows\System32\drivers\iaStorV.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 316520 c:\windows\System32\drivers\elxstor.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 147048 c:\windows\System32\drivers\adpu320.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 297576 c:\windows\System32\drivers\adpahci.sys
    + 2006-11-02 07:36 . 2006-11-02 09:51 420968 c:\windows\System32\drivers\adp94xx.sys
    + 2006-11-02 07:31 . 2006-11-02 09:39 536576 c:\windows\System32\dmdskres.dll
    + 2006-11-02 06:49 . 2006-11-02 09:46 149019 c:\windows\System32\crtdll.dll
    + 2009-11-18 20:11 . 2010-08-12 01:38 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-10-24 03:34 . 2009-10-24 03:34 507904 c:\windows\System32\btwapi.dll
    + 2006-11-02 07:38 . 2006-11-02 09:46 274432 c:\windows\System32\AuthFWWizFwk.dll
    - 2009-11-18 17:31 . 2009-11-18 17:31 289792 c:\windows\System32\atmfd.dll
    + 2010-06-11 18:30 . 2010-05-26 14:47 289792 c:\windows\System32\atmfd.dll
    + 2010-08-18 06:13 . 2010-08-18 06:13 114688 c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
    + 2010-08-18 06:22 . 2010-08-18 06:22 467224 c:\windows\System32\Adobe\Shockwave 11\SwHelper_1158612.exe
    + 2010-08-18 06:02 . 2010-08-18 06:02 136568 c:\windows\System32\Adobe\Shockwave 11\SCC.dll
    + 2010-08-18 06:14 . 2010-08-18 06:14 446464 c:\windows\System32\Adobe\Shockwave 11\Proj.dll
    + 2010-08-18 06:13 . 2010-08-18 06:13 372736 c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 790016 c:\windows\System32\Adobe\Shockwave 11\gi.dll
    + 2010-08-18 06:13 . 2010-08-18 06:13 503808 c:\windows\System32\Adobe\Shockwave 11\Control.dll
    + 2010-08-18 06:22 . 2010-08-18 06:22 213272 c:\windows\System32\Adobe\Director\SwDir.dll
    + 2010-08-18 06:14 . 2010-08-18 06:14 131072 c:\windows\System32\Adobe\Director\np32dsw.dll
    + 2009-11-23 15:41 . 2010-08-23 23:27 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-08-04 23:21 . 2010-08-04 17:03 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-03-18 17:16 . 2010-03-18 17:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
    + 2010-03-18 04:51 . 2010-03-18 04:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    + 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 129896 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    - 2009-11-21 16:50 . 2009-02-18 18:38 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    - 2009-11-21 16:49 . 2009-02-18 18:38 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    - 2009-11-21 16:50 . 2009-03-30 04:42 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2010-06-11 18:20 . 2010-03-25 11:53 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2009-11-21 16:48 . 2009-03-30 04:42 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-06-11 18:36 . 2010-03-04 12:53 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2009-11-23 23:06 . 2009-09-04 06:59 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2010-06-29 13:25 . 2010-06-29 13:25 272384 c:\windows\Installer\a3592.msi
    + 2010-06-29 13:24 . 2010-06-29 13:24 254976 c:\windows\Installer\a3573.msi
    + 2010-05-25 16:53 . 2010-05-25 16:53 119296 c:\windows\Installer\5a7a8.msi
    + 2009-09-09 19:40 . 2009-09-09 19:40 632320 c:\windows\Installer\4c2ff0d.msp
    + 2008-06-11 18:02 . 2008-06-11 18:02 830464 c:\windows\Installer\4c2fe48.msp
    + 2010-09-13 14:38 . 2010-09-13 14:38 331264 c:\windows\Installer\325496.msi
    + 2010-08-15 06:46 . 2010-08-15 06:46 401408 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    + 2010-08-15 06:46 . 2010-08-15 06:46 401408 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    + 2010-08-15 06:46 . 2010-08-15 06:46 401408 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
    + 2010-05-25 01:22 . 2010-09-15 19:51 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2010-05-25 01:22 . 2010-09-15 19:51 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2010-05-25 01:22 . 2010-09-15 19:51 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2010-05-25 01:22 . 2010-09-15 19:51 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
     
    Blue Star,
    #21
  2. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    + 2010-05-25 01:22 . 2010-09-15 19:51 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-03-22 23:22 . 2007-03-22 23:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
    + 2007-05-31 17:42 . 2007-05-31 17:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
    + 2007-04-19 17:53 . 2007-04-19 17:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
    + 2007-05-10 18:35 . 2007-05-10 18:35 120160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
    + 2007-04-19 17:54 . 2007-04-19 17:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
    + 2007-04-19 18:09 . 2007-04-19 18:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
    + 2003-04-02 15:21 . 2003-04-02 15:21 111632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WAVTOASF.EXE
    + 2003-07-21 15:46 . 2003-07-21 15:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
    + 2003-07-15 07:18 . 2003-07-15 07:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
    + 2003-07-15 02:43 . 2003-07-15 02:43 139320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
    + 2003-07-15 02:45 . 2003-07-15 02:45 196152 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
    + 2003-07-08 15:48 . 2003-07-08 15:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
    + 2003-07-15 02:44 . 2003-07-15 02:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
    + 2003-07-15 07:14 . 2003-07-15 07:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
    + 2003-07-15 07:14 . 2003-07-15 07:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
    + 2003-07-15 07:14 . 2003-07-15 07:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE
    + 2010-05-25 01:21 . 2010-05-25 01:21 223800 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
    + 2003-07-15 03:00 . 2003-07-15 03:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
    + 1998-06-17 15:52 . 1998-06-17 15:52 401462 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSVCP60.DLL
    + 2003-07-24 02:40 . 2003-07-24 02:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
    + 2003-07-15 02:56 . 2003-07-15 02:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
    + 2003-07-15 03:02 . 2003-07-15 03:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
    + 2003-06-19 20:05 . 2003-06-19 20:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
    + 2003-07-15 07:18 . 2003-07-15 07:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
    + 2003-07-24 02:35 . 2003-07-24 02:35 127032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
    + 2003-07-15 07:14 . 2003-07-15 07:14 106552 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
    + 2003-07-15 02:57 . 2003-07-15 02:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
    + 2002-04-10 00:14 . 2002-04-10 00:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
    + 2002-12-17 23:08 . 2002-12-17 23:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
    + 2003-07-15 02:51 . 2003-07-15 02:51 116288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
    + 2003-07-15 02:58 . 2003-07-15 02:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
    + 2003-07-15 02:46 . 2003-07-15 02:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
    + 2003-06-18 21:31 . 2003-06-18 21:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
    + 2003-06-18 21:31 . 2003-06-18 21:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
    + 2003-06-18 21:31 . 2003-06-18 21:31 758784 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
    + 2003-07-24 02:32 . 2003-07-24 02:32 121400 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
    + 2003-07-15 02:53 . 2003-07-15 02:53 161336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
    + 2003-07-25 23:14 . 2003-07-25 23:14 799288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
    + 2003-07-15 02:40 . 2003-07-15 02:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
    + 2003-07-15 02:40 . 2003-07-15 02:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
    + 2003-07-15 03:36 . 2003-07-15 03:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
    + 2003-07-31 19:19 . 2003-07-31 19:19 131648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
    + 2003-07-15 07:14 . 2003-07-15 07:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
    + 2003-07-15 07:18 . 2003-07-15 07:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
    + 2009-12-21 23:35 . 2009-12-21 23:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
    + 2009-12-21 23:34 . 2009-12-21 23:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
    + 2009-11-10 00:18 . 2009-11-10 00:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
    + 2009-12-22 01:02 . 2009-12-22 01:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
    + 2009-12-21 23:43 . 2009-12-21 23:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
    + 2009-12-22 06:57 . 2009-12-22 06:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
    + 2009-12-21 23:15 . 2009-12-21 23:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
    + 2009-12-22 00:32 . 2009-12-22 00:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
    + 2009-12-22 00:15 . 2009-12-22 00:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
    + 2006-11-02 10:25 . 2010-08-15 06:47 143360 c:\windows\inf\infstrng.dat
    + 2009-10-15 19:58 . 2009-10-15 19:58 163840 c:\windows\Downloaded Program Files\axloader.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\fb5046d7fcf777313821ebae0c3632c7\XPBurnComponent.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\46299301e4aa9211f96e7686c14c1470\WsatConfig.ni.exe
    + 2010-06-11 20:03 . 2010-06-11 20:03 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c2c84b416312c17dd3c51508bc4d0132\WindowsFormsIntegration.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\4609787a9b076765ecb68581a25df450\UIAutomationTypes.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\13086a9f77833f0ee92728d0cecfdc79\UIAutomationClient.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\20608428d18ca5681cb1af1894733207\TaskScheduler.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\622598bd00035f69c52e29e5ca8b8050\System.Xml.Linq.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\cb5a8e2b3e7e4cd51836c3acb36b123d\System.Web.Routing.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d7a533d68e1dd6033cf47ca308c3705f\System.Web.RegularExpressions.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\53ff9779755cfee83ac6fd6411e2e00b\System.Web.Entity.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\6ff16cd390716f42051274d9413abaf8\System.Web.Entity.Design.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\315070f6f71e735e7068191754af4860\System.Web.DynamicData.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\7b116c427d7528fa1da76ec0d5eb003b\System.Web.Abstractions.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\6b7e54579cc1a225d045f90710e25bfe\System.Transactions.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6ab74b6e4a68bf93e3b27263317f744d\System.ServiceProcess.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5de9f13746e8d65eb0a8742dd5e2034e\System.Security.ni.dll
    + 2010-06-11 20:00 . 2010-06-11 20:00 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\16944bd9a01375d76431d74279723415\System.Security.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c98ba140a70ea6cb494dc75869845f6f\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4a2709dbba56d5df9d51d86e68af99ad\System.Runtime.Remoting.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\bb8b24798ce7f5fbe65b0eb1a8a11cc6\System.Net.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\320e40e628ff5e04cdb1df518f7c6a6a\System.Messaging.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\65f4d9a8fc295689d68109d0099b356b\System.Management.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d8d5ada35c3c63fe122727bc6f7ac705\System.Management.Instrumentation.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 159232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\97e4e841e1b9e147a65e83a716d942d0\System.Management.Automation.resources.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\f392a161be6c4df987d090dfa3138f29\System.IO.Log.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\3666e4bfb1c842cb114b4e8ba8071a61\System.IdentityModel.Selectors.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5b0655cec8c06bb5fcf3870451b89515\System.EnterpriseServices.Wrapper.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5b0655cec8c06bb5fcf3870451b89515\System.EnterpriseServices.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b7d681010afba351800a16a14706e6ee\System.Drawing.Design.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c2496f8afdb090b244e415fc8d24fcc2\System.DirectoryServices.Protocols.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\22bc42bfc494f179da8e4dfbc58984ee\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e63f206e5fbc356c0c4f76279bdced39\System.Data.Services.Client.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\53b0dc0e577da5b7fd669ace52b185db\System.Data.Services.Design.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\46361a02659be347fa5950e1fa203975\System.Data.Entity.Design.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\6ecbcbf2c7de8474dcb1ee3a212b7ac7\System.Data.DataSetExtensions.ni.dll
    + 2010-06-11 19:39 . 2010-06-11 19:39 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f79144169e7c2560f713b3e6058b8c96\System.Configuration.ni.dll
    + 2010-06-11 20:00 . 2010-06-11 20:00 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\415e665ca509b2ed73569278ad57f043\System.Configuration.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\e02f453d576a8815fa2fedb19a92b7a5\System.Configuration.Install.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\09c4ffff65698383d7f074ecd2d93e50\System.AddIn.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\723e877d7b2a6ef55f2ae48ce7c1ee09\sysglobl.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c8eb0ce0e0951f8acd0366504511c121\SMSvcHost.ni.exe
    + 2010-06-11 19:39 . 2010-06-11 19:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1e5f52924313bd9c21255a2046340df5\SMDiagnostics.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f0c9dddb08f44024a8e3b80d8d5cd728\ServiceModelReg.ni.exe
    + 2010-06-11 19:37 . 2010-06-11 19:37 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9906cc70a0106499a0fff7e06ac3087b\PresentationFramework.Classic.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68c35c55c9651d3042ac41d23496e896\PresentationFramework.Aero.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5d3b3c41ed8eca789d37578f7a3cee28\PresentationFramework.Luna.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5ccc082c1ae24fdf58a527c27c302bfe\PresentationFramework.Royale.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\f1dbebefdc4fc2583381fc12091748d1\napsnap.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\066069d586b6d799c24f13ac0f533349\napinit.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\fb54f69405c0a16d69c0ff218b8b226c\naphlpr.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\d63bc63c7ce10c2d82e275a44b560b28\MSBuild.ni.exe
    + 2010-06-11 19:42 . 2010-06-11 19:42 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\8fa845f6080de8f787a3682150da8a60\MMCFxCommon.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0f87900100756069dcb3d66b7c2fe145\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-06-11 20:00 . 2010-06-11 20:00 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\c48f55272d53c1c22cfe09b5340fc36b\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 303616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\61ae27f87809e4e4b52c25f051dc8338\Microsoft.Practices.ObjectBuilder.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\5a870a800a340e0d4b134b3d63b27a69\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 309248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\33b3fb406479e7fad5e929775124a715\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 498176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e1c198ae848e5947c75eb327ec3d40d1\Microsoft.PowerShell.ConsoleHost.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9aa695113b4283447347220d833f969b\Microsoft.PowerShell.Security.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6f233a50eab5d2c5646b1751b36ac971\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4772dd58cf6ca1836a30eeb6b4ef966b\Microsoft.PowerShell.Commands.Management.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\0676d3f49c8f8e709c42490b8e919b01\Microsoft.ManagementConsole.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 264704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\d6f695749c2dda97c93daf4dcd450117\Microsoft.GroupPolicy.Interop.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\93be1ba0677b1e1f2ec83db1a9f10785\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\8cdbe5070af8739b840ca237acda0b06\Microsoft.Build.Utilities.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6010eb2c3d4b61dd6536cf3c36880d36\Microsoft.Build.Engine.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\ff701f624360bf1729bb3d032a536008\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 230400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\3388159da13ac7156ba3adf96d8667ae\Microsoft.ApplicationBlocks.Updater.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\6189573ab0aebe759daf13fca9841bec\EventViewer.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ddcf52de4404af7493f632a96ecae702\DriversHQ.DriverDetective.Common.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 338944 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\25616013dbdda11984c50c5665f1243b\DriversHQ.DriverDetective.Client.Communication.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 529920 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.Common\6c6ca09ad7130790bd54fa2708cba33f\DriversHQ.Common.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\11e7010bbb22a78ec4f9310bb5906686\CustomMarshalers.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\2aea4057ea6b121e350d2639e56290e6\ComSvcConfig.ni.exe
    + 2010-06-11 19:41 . 2010-06-11 19:41 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\3c164f3f7fd2d99e322680fd5d7af675\AspNetMMCExt.ni.dll
    - 2009-11-21 16:48 . 2009-03-30 04:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-11 18:36 . 2010-03-04 12:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2009-11-21 16:50 . 2009-02-18 18:38 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2010-06-11 18:22 . 2010-04-12 12:20 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2009-11-21 16:49 . 2009-02-18 18:38 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2006-11-02 07:12 . 2006-11-02 09:47 991232 c:\windows\assembly\GAC_MSIL\Narrator\6.0.0.0__31bf3856ad364e35\Narrator.exe
    + 2006-11-02 06:55 . 2006-11-02 09:47 200704 c:\windows\assembly\GAC_MSIL\Microsoft.Tpm\6.0.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
    + 2010-05-25 02:12 . 2010-05-25 02:12 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2010-05-25 01:21 . 2010-05-25 01:21 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
    + 2010-05-25 01:21 . 2010-05-25 01:21 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    - 2010-02-24 03:40 . 2010-01-06 15:38 173056 c:\windows\AppPatch\AcXtrnal.dll
    + 2010-06-23 12:30 . 2010-04-16 16:43 173056 c:\windows\AppPatch\AcXtrnal.dll
    + 2010-06-23 12:30 . 2010-04-16 16:43 458752 c:\windows\AppPatch\AcSpecfc.dll
    - 2010-02-24 03:40 . 2010-01-06 15:38 458752 c:\windows\AppPatch\AcSpecfc.dll
    + 2010-06-23 12:30 . 2010-04-16 16:43 542720 c:\windows\AppPatch\AcLayers.dll
    - 2010-02-24 03:40 . 2010-01-06 15:38 542720 c:\windows\AppPatch\AcLayers.dll
    + 2010-06-23 12:28 . 2010-03-31 13:03 1249280 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6002.22377_none_599877a75e3c7b28\WindowsBase.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 1249280 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6002.18236_none_59391a4244ff5243\WindowsBase.dll
    + 2010-06-23 12:28 . 2010-03-31 13:03 5279744 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6002.22377_none_70b1c6c96c6cc352\PresentationFramework.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 5279744 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6002.18236_none_70526964532f9a6d\PresentationFramework.dll
    + 2010-06-11 18:22 . 2010-04-12 12:22 5988352 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6002.22380_none_fe0f09ef0565c535\System.ServiceModel.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 5967872 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6002.18239_none_14d6e234ebc3cd25\System.ServiceModel.dll
    + 2010-06-11 18:20 . 2010-03-25 11:54 5246976 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6002.22372_none_e03cd0a530762349\System.Web.dll
    + 2010-06-11 18:20 . 2010-03-25 11:53 5242880 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6002.18232_none_f706763d16d25de7\System.Web.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 5136384 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6000.16386_none_f7532a57162c2143\System.Web.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 2894336 c:\windows\winsxs\x86_system.data_b77a5c561934e089_6.0.6000.16386_none_94c1deb7b3d8b7f5\System.Data.dll
    + 2010-06-23 12:28 . 2009-06-17 08:03 1736024 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.22377_none_ae5c7d02a66aa525\wpfgfx_v0300.dll
    + 2010-06-23 12:28 . 2010-03-31 13:02 4218880 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.22377_none_ae5c7d02a66aa525\PresentationCore.dll
    + 2009-11-21 16:50 . 2009-02-18 18:39 1737064 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18236_none_adfd1f9d8d2d7c40\wpfgfx_v0300.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 4214784 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18236_none_adfd1f9d8d2d7c40\PresentationCore.dll
    + 2006-11-02 07:38 . 2006-11-02 09:46 4591616 c:\windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6000.16386_none_a31b6bf784e3e536\AuthFWSnapin.dll
    + 2006-11-02 06:34 . 2006-11-02 06:34 1157120 c:\windows\winsxs\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.0.6000.16386_none_401a8e2fa5e9a8c2\vbc.exe
    + 2010-08-11 20:48 . 2010-05-19 11:41 5819728 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.22409_none_1b6ad74448dc3881\mscorwks.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 5813072 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.18260_none_323f4cec2f2e898b\mscorwks.dll
    + 2006-11-02 06:34 . 2006-11-02 06:34 5632512 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_3288d2982e8b3424\mscorwks.dll
    + 2010-06-23 12:29 . 2009-11-08 14:55 1130824 c:\windows\winsxs\x86_netfx-dfshim_dll_31bf3856ad364e35_6.1.6001.18242_none_40858864fbe3e0ce\dfshim.dll
    + 2006-11-02 06:34 . 2006-11-02 06:34 1155584 c:\windows\winsxs\x86_netfx-csharp_compiler_cscomp_b03f5f7f11d50a3a_6.0.6000.16386_none_2998a095d18afc59\cscomp.dll
    + 2006-11-02 06:34 . 2006-11-02 06:34 1330688 c:\windows\winsxs\x86_netfx-_vsavb7rt_b03f5f7f11d50a3a_6.0.6000.16386_none_7f3bb25db87ba6c2\VsaVb7rt.dll
    + 2010-08-11 20:48 . 2010-05-19 11:39 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.22409_none_b0c40856db54d3fc\mscorlib.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.18260_none_c7987dfec1a72506\mscorlib.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 4366336 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\mscorlib.dll
    + 2010-08-15 06:48 . 2010-08-15 06:48 1093120 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
    + 2010-08-15 06:48 . 2010-08-15 06:48 1105920 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80.dll
    + 2010-08-11 20:48 . 2010-06-21 13:47 2045952 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22428_none_bb55f649b0d3b032\win32k.sys
    + 2010-06-11 18:23 . 2010-05-01 14:26 2045440 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22396_none_bb08445bb10e43f4\win32k.sys
    + 2010-08-11 20:48 . 2010-06-21 13:37 2037760 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18275_none_ba93471e97e152f1\win32k.sys
    + 2010-06-11 18:23 . 2010-05-01 14:13 2037248 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18253_none_baa6e66297d2e861\win32k.sys
    + 2010-08-11 20:48 . 2010-06-21 13:25 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22716_none_b97853b9b3a70c6f\win32k.sys
    + 2010-06-11 18:23 . 2010-05-01 20:27 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22682_none_b928a137b3e36d83\win32k.sys
    + 2010-08-11 20:48 . 2010-06-21 13:18 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18496_none_b89833c29aca51df\win32k.sys
    + 2010-06-11 18:23 . 2010-05-01 13:53 2036224 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18468_none_b8baa41a9ab030ba\win32k.sys
    + 2006-11-02 07:28 . 2006-11-02 07:28 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6002.18005_none_570ee68146eaef3c\wab32res.dll
    + 2006-11-02 07:28 . 2006-11-02 07:28 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6001.18000_none_55236d7549c923f0\wab32res.dll
    + 2006-11-02 07:28 . 2006-11-02 07:28 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6000.16386_none_52ecab794cde131c\wab32res.dll
    + 2006-11-02 07:01 . 2006-11-02 09:43 2928640 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6002.18005_none_3417f75aaa6413e3\W32UIImg.dll
    + 2006-11-02 07:01 . 2006-11-02 09:43 2928640 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\W32UIImg.dll
    + 2006-11-02 07:01 . 2006-11-02 09:43 2928640 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\W32UIImg.dll
    + 2006-11-02 07:01 . 2006-11-02 09:43 5963264 c:\windows\winsxs\x86_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.0.6000.16386_none_b41c233a548e28ab\spwizimg.dll
    + 2010-08-11 20:48 . 2010-06-08 18:04 3550600 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntoskrnl.exe
    + 2010-08-11 20:48 . 2010-06-08 18:04 3601792 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntkrnlpa.exe
    + 2010-08-11 20:48 . 2010-06-08 17:35 3548040 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntoskrnl.exe
    + 2010-08-11 20:48 . 2010-06-08 17:35 3600768 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntkrnlpa.exe
    + 2010-08-11 20:48 . 2010-06-08 16:47 3548552 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntoskrnl.exe
    + 2010-08-11 20:48 . 2010-06-08 16:47 3600784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntkrnlpa.exe
    + 2010-08-11 20:48 . 2010-06-08 17:00 3545992 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntoskrnl.exe
    + 2010-08-11 20:48 . 2010-06-08 17:00 3598216 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntkrnlpa.exe
    + 2006-11-02 07:26 . 2006-11-02 07:26 2105856 c:\windows\winsxs\x86_microsoft-windows-oobe-machine-brand_31bf3856ad364e35_6.0.6000.16386_none_5a6a71230895d10f\OOBEResources.dll
    + 2010-09-15 10:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22468_none_f4bf570381e7a95d\OESpamFilter.dat
    + 2010-09-15 10:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18294_none_f411476668e5fae3\OESpamFilter.dat
    + 2010-09-15 10:38 . 2010-08-17 10:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22743_none_f2e9838184b59da4\OESpamFilter.dat
    + 2010-09-15 10:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18511_none_f27e54006b817a32\OESpamFilter.dat
    + 2010-08-11 20:48 . 2010-06-11 16:31 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22422_none_8acabb6dad2870a4\msxml3.dll
    + 2010-08-11 20:48 . 2010-06-11 16:15 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8\msxml3.dll
    + 2010-08-11 20:48 . 2010-06-11 15:25 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22709_none_8900eb63afeb94ff\msxml3.dll
    + 2010-08-11 20:48 . 2010-06-11 15:30 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18490_none_880cf8e6971f1251\msxml3.dll
    + 2006-11-02 07:20 . 2006-09-18 21:42 6757792 c:\windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6000.16386_none_d159daa5e080a3a1\mrt.exe
    + 2010-05-11 20:38 . 2010-01-29 13:49 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\MSOERES.dll
    + 2010-05-11 20:38 . 2010-01-29 16:08 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\msoe.dll
    + 2006-11-02 12:35 . 2006-11-02 12:35 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\MSOERES.dll
    + 2010-05-11 20:38 . 2010-01-29 15:40 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\msoe.dll
    + 2010-05-11 20:38 . 2010-01-29 13:57 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\MSOERES.dll
    + 2010-05-11 20:38 . 2010-01-29 16:09 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\msoe.dll
    + 2006-11-02 12:35 . 2006-11-02 12:35 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\MSOERES.dll
    + 2010-05-11 20:38 . 2010-01-29 16:22 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\msoe.dll
    + 2006-11-02 06:47 . 2006-11-02 09:46 1572864 c:\windows\winsxs\x86_microsoft-windows-m..-components-jetcore_31bf3856ad364e35_6.0.6000.16386_none_0257f99faac7eb66\msjet40.dll
    + 2010-08-11 20:49 . 2010-06-26 06:48 1987072 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23040_none_2aeb0342bb8fade9\iertutil.dll
    + 2010-06-11 18:36 . 2010-05-04 06:30 1986048 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23019_none_2b1475a0bb6f3e25\iertutil.dll
    + 2010-08-11 20:49 . 2010-06-26 06:02 1986560 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18943_none_2a649119a26f2409\iertutil.dll
    + 2010-06-11 18:36 . 2010-05-04 05:55 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18928_none_2a7f3263a25a6ada\iertutil.dll
    + 2010-08-11 20:49 . 2010-06-26 06:49 5954560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23040_none_f68a6b855134f8c2\mshtml.dll
    + 2010-06-11 18:36 . 2010-05-04 06:30 5953024 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23019_none_f6b3dde3511488fe\mshtml.dll
    + 2010-08-11 20:49 . 2010-06-26 06:03 5951488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18943_none_f603f95c38146ee2\mshtml.dll
    + 2010-06-11 18:36 . 2010-05-04 05:56 5950976 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18928_none_f61e9aa637ffb5b3\mshtml.dll
    + 2006-11-02 07:28 . 2006-10-26 03:24 2451312 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65\ieapfltr.dat
    + 2010-08-11 20:49 . 2010-06-26 06:51 1211904 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.23040_none_982a70c505d568f9\urlmon.dll
    + 2010-06-11 18:36 . 2010-05-04 06:31 1209856 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.23019_none_9853e32305b4f935\urlmon.dll
    + 2010-08-11 20:49 . 2010-06-26 06:05 1210368 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18943_none_97a3fe9becb4df19\urlmon.dll
    + 2010-06-11 18:36 . 2010-05-04 05:59 1209344 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18928_none_97be9fe5eca025ea\urlmon.dll
    + 2010-06-23 12:30 . 2010-04-16 14:54 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22384_none_441de907d7be2d10\GameUXLegacyGDFs.dll
    + 2010-06-23 12:30 . 2010-04-16 17:15 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22384_none_441de907d7be2d10\gameux.dll
    + 2010-06-23 12:30 . 2010-04-16 14:39 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18244_none_43bf8becbe801d82\GameUXLegacyGDFs.dll
    + 2010-02-24 03:40 . 2010-01-06 15:39 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18244_none_43bf8becbe801d82\gameux.dll
    + 2010-06-23 12:30 . 2010-04-16 14:26 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22672_none_42404677da91894d\GameUXLegacyGDFs.dll
    + 2010-06-23 12:30 . 2010-04-16 16:09 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22672_none_42404677da91894d\gameux.dll
    + 2010-06-23 12:30 . 2010-04-16 14:17 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18461_none_41c07768c16cb714\GameUXLegacyGDFs.dll
    + 2009-11-18 15:50 . 2009-11-18 15:50 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18461_none_41c07768c16cb714\gameux.dll
    + 2006-11-02 07:29 . 2006-11-02 08:50 1236992 c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6000.16386_none_2a7a18dbe946c84f\comres.dll
    + 2010-06-23 12:30 . 2010-04-16 17:14 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22384_none_0e41d2b708cbca10\AcGenral.dll
    + 2010-06-23 12:30 . 2010-04-16 16:43 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18244_none_0de3759bef8dba82\AcGenral.dll
    + 2010-06-23 12:30 . 2010-04-16 16:08 2157056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22672_none_0c6430270b9f264d\AcGenral.dll
    + 2010-06-23 12:30 . 2010-04-16 16:05 2153984 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18461_none_0be46117f27a5414\AcGenral.dll
    + 2010-06-23 12:28 . 2010-03-31 13:03 1249280 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6002.22377_none_994a55364619f35f\WindowsBase.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 1249280 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6002.18236_none_98eaf7d12cdcca7a\WindowsBase.dll
    + 2010-06-11 18:19 . 2010-03-19 13:46 3182592 c:\windows\winsxs\msil_system_b77a5c561934e089_6.0.6002.22372_none_c3a4f0a375ea8be2\System.dll
    + 2010-06-11 18:19 . 2010-03-25 11:53 3182592 c:\windows\winsxs\msil_system_b77a5c561934e089_6.0.6002.18232_none_da6e963b5c46c680\System.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 3035136 c:\windows\winsxs\msil_system_b77a5c561934e089_6.0.6000.16386_none_dabb4a555ba089dc\System.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 2039808 c:\windows\winsxs\msil_system.xml_b77a5c561934e089_6.0.6000.16386_none_81cba47b48fb4029\System.XML.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 5414912 c:\windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.0.6000.16386_none_3117572e4332dbd4\System.Windows.Forms.dll
    + 2010-06-11 18:22 . 2010-04-12 12:22 5988352 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6002.22380_none_8e00a25ea496be7d\System.ServiceModel.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 5967872 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6002.18239_none_a4c87aa48af4c66d\System.ServiceModel.dll
    + 2010-06-11 18:22 . 2010-04-12 12:23 5988352 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6002.22380_none_557c24922ca54584\System.ServiceModel.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 5967872 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6002.18239_none_6c43fcd813034d74\System.ServiceModel.dll
    + 2006-11-02 06:34 . 2006-10-20 01:14 5050368 c:\windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.0.6000.16386_none_b5757f4b02c7c5b0\System.Design.dll
    + 2010-06-23 12:28 . 2010-03-31 13:03 5279744 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6002.22377_none_78e300c80a731721\PresentationFramework.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 5279744 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6002.18236_none_7883a362f135ee3c\PresentationFramework.dll
    + 2006-11-02 07:16 . 2006-11-02 09:47 3100672 c:\windows\winsxs\msil_miguicontrols_31bf3856ad364e35_6.0.6000.16386_none_ac1216923fb00239\MIGUIControls.dll
    + 2010-08-11 20:49 . 2010-06-26 06:05 1210368 c:\windows\System32\urlmon.dll
    - 2006-11-02 10:22 . 2010-04-16 02:58 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2010-09-15 18:48 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 07:01 . 2006-11-02 09:43 2928640 c:\windows\System32\oobe\W32UIImg.dll
    + 2006-11-02 07:26 . 2006-11-02 07:26 2105856 c:\windows\System32\oobe\OOBEResources.dll
    + 2010-08-11 20:48 . 2010-06-08 17:35 3548040 c:\windows\System32\ntoskrnl.exe
    - 2010-04-14 04:20 . 2010-02-18 14:07 3548040 c:\windows\System32\ntoskrnl.exe
    + 2010-08-11 20:48 . 2010-06-08 17:35 3600768 c:\windows\System32\ntkrnlpa.exe
    + 2010-08-11 20:48 . 2010-06-11 16:15 1248768 c:\windows\System32\msxml3.dll
    - 2009-11-25 19:36 . 2009-08-11 16:44 1248768 c:\windows\System32\msxml3.dll
    + 2010-08-11 20:49 . 2010-06-26 06:03 5951488 c:\windows\System32\mshtml.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 1490944 c:\windows\System32\Macromed\Shockwave 10\dirapiX.dll
    + 2009-06-25 17:20 . 2009-06-25 17:20 1485176 c:\windows\System32\LegitCheckControl.DLL
    + 2010-08-11 20:49 . 2010-06-26 06:02 1986560 c:\windows\System32\iertutil.dll
    - 2010-02-24 03:40 . 2010-01-06 13:30 4240384 c:\windows\System32\GameUXLegacyGDFs.dll
    + 2010-06-23 12:30 . 2010-04-16 14:39 4240384 c:\windows\System32\GameUXLegacyGDFs.dll
    + 2009-08-04 23:52 . 2009-08-04 23:52 1193832 c:\windows\System32\FM20.DLL
    + 2010-06-23 12:29 . 2009-11-08 14:55 1130824 c:\windows\System32\dfshim.dll
    + 2010-08-18 06:05 . 2010-08-18 06:05 1011712 c:\windows\System32\Adobe\Shockwave 11\iml32.dll
    + 2010-08-18 06:02 . 2010-08-18 06:02 2224816 c:\windows\System32\Adobe\Shockwave 11\gt.exe
    + 2010-08-18 06:07 . 2010-08-18 06:07 1802240 c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
    - 2006-11-02 12:48 . 2010-03-10 06:57 3704729 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    + 2006-11-02 12:48 . 2010-08-11 22:10 3704729 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    + 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
     
    Blue Star,
    #22


  3. to hide this advert.

  4. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    + 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
    + 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
    + 2010-03-18 17:16 . 2010-03-18 17:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2010-03-18 17:16 . 2010-03-18 17:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
    + 2010-03-18 17:16 . 2010-03-18 17:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    + 2010-06-11 18:20 . 2010-03-25 11:53 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2009-11-21 16:50 . 2009-03-30 04:42 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-06-11 18:19 . 2010-03-25 11:53 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2009-11-23 23:06 . 2009-09-04 06:58 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-06-25 14:09 . 2010-06-25 14:09 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-06-25 14:10 . 2010-06-25 14:10 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2010-08-05 14:57 . 2010-08-05 14:57 4066304 c:\windows\Installer\f8143.msp
    + 2010-08-20 17:50 . 2010-08-20 17:50 5518848 c:\windows\Installer\f8123.msp
    + 2010-08-25 21:06 . 2010-08-25 21:06 6479360 c:\windows\Installer\f8111.msp
    + 2010-08-04 20:43 . 2010-08-04 20:43 1141760 c:\windows\Installer\c8bb91.msi
    + 2010-05-03 20:27 . 2010-05-03 20:27 6825472 c:\windows\Installer\97bd407.msp
    + 2010-05-10 21:17 . 2010-05-10 21:17 5520896 c:\windows\Installer\97bd3f5.msp
    + 2010-05-03 20:06 . 2010-05-03 20:06 5053952 c:\windows\Installer\97bd3e3.msp
    + 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Installer\8e21294.msi
    + 2010-05-05 02:25 . 2010-05-05 02:25 7681024 c:\windows\Installer\7b1132.msp
    + 2010-05-25 15:45 . 2010-05-25 15:45 8445440 c:\windows\Installer\5162bfd.msp
    + 2010-07-01 02:52 . 2010-07-01 02:52 5522944 c:\windows\Installer\5162bea.msp
    + 2009-10-16 22:07 . 2009-10-16 22:07 6115328 c:\windows\Installer\4c2ff50.msp
    + 2009-08-21 14:14 . 2009-08-21 14:14 8363008 c:\windows\Installer\4c2ff3d.msp
    + 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\4c2ff20.msp
    + 2009-08-20 09:02 . 2009-08-20 09:02 5204992 c:\windows\Installer\4c2fef9.msp
    + 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\4c2fee5.msp
    + 2010-04-21 21:46 . 2010-04-21 21:46 5522432 c:\windows\Installer\4c2fed0.msp
    + 2009-10-06 22:40 . 2009-10-06 22:40 7681024 c:\windows\Installer\4c2fea9.msp
    + 2010-01-27 21:53 . 2010-01-27 21:53 6820864 c:\windows\Installer\4c2fe96.msp
    + 2008-01-14 20:53 . 2008-01-14 20:53 5213696 c:\windows\Installer\4c2fe83.msp
    + 2009-12-17 02:58 . 2009-12-17 02:58 5382144 c:\windows\Installer\4c2fe71.msp
    + 2008-10-25 13:15 . 2008-10-25 13:15 6227456 c:\windows\Installer\4c2fe5b.msp
    + 2009-09-29 13:08 . 2009-09-29 13:08 6747648 c:\windows\Installer\4c2fe36.msp
    + 2010-01-19 22:29 . 2010-01-19 22:29 5050368 c:\windows\Installer\4c2fe23.msp
    + 2007-11-08 15:42 . 2007-11-08 15:42 4158464 c:\windows\Installer\4c2fe0e.msp
    + 2010-07-26 21:02 . 2010-07-26 21:02 5519360 c:\windows\Installer\3f46251.msp
    + 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\261e470.msp
    + 2010-06-28 20:01 . 2010-06-28 20:01 7677952 c:\windows\Installer\213132.msp
    + 2010-06-29 02:53 . 2010-06-29 02:53 6819840 c:\windows\Installer\21311f.msp
    + 2010-05-25 01:21 . 2010-05-25 01:21 4716032 c:\windows\Installer\1b703f8.msi
    + 2007-05-09 21:19 . 2007-05-09 21:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
    + 2007-04-19 17:49 . 2007-04-19 17:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
    + 2007-05-31 17:35 . 2007-05-31 17:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
    + 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
    + 2007-05-31 17:43 . 2007-05-31 17:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
    + 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL
    + 2003-07-03 19:19 . 2003-07-03 19:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
    + 2003-08-03 14:52 . 2003-08-03 14:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
    + 2003-07-31 19:21 . 2003-07-31 19:21 1782840 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
    + 2003-07-30 16:40 . 2003-07-30 16:40 6133312 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
    + 2003-08-01 19:09 . 2003-08-01 19:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
    + 2003-08-10 03:06 . 2003-08-10 03:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
    + 2003-07-07 17:36 . 2003-07-07 17:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
    + 2003-07-15 03:05 . 2003-07-15 03:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
    + 2003-06-18 21:31 . 2003-06-18 21:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
    + 2003-07-11 06:15 . 2003-07-11 06:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
    + 2002-12-17 23:09 . 2002-12-17 23:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
    + 2002-12-17 23:08 . 2002-12-17 23:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
    + 2003-07-15 03:11 . 2003-07-15 03:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
    + 2003-07-25 23:00 . 2003-07-25 23:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
    + 2003-07-24 03:01 . 2003-07-24 03:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
    + 2003-08-03 14:56 . 2003-08-03 14:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
    + 2009-12-21 23:29 . 2009-12-21 23:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
    + 2009-12-22 04:31 . 2009-12-22 04:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
    + 2010-06-11 19:54 . 2010-06-11 19:54 3314176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f2c782b40b6cc14c2c016d51244b1e1b\WindowsBase.ni.dll
    + 2010-06-11 19:36 . 2010-06-11 19:36 3314176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\717e7ed178c27d2b0763b7d223f97600\WindowsBase.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\a4424d6a290888ada0069a47e94a410d\UIAutomationClientsideProviders.ni.dll
    + 2010-06-11 19:36 . 2010-06-11 19:36 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\b8e4a9556d3ddd49ec70aae0516c2007\System.ni.dll
    + 2010-06-11 19:38 . 2010-06-11 19:38 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4e9769eaf42b9c2c0d795b1a99c3dbc\System.Xml.ni.dll
    + 2010-06-11 19:38 . 2010-06-11 19:38 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\295244b67c7d3324ad422353821c3173\System.Workflow.Runtime.ni.dll
    + 2010-06-11 19:38 . 2010-06-11 19:38 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\a9f49dc15cd71c6d6242f7408dc45b31\System.Workflow.ComponentModel.ni.dll
    + 2010-06-11 19:38 . 2010-06-11 19:38 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ae0d9045838b9c38c5f227515e0daee6\System.Workflow.Activities.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\fc4e103b1922275f46b3ee6ee5bdffdc\System.Web.Services.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7285331fd503de286f1066faeb400904\System.Web.Mobile.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\06a991c6fb869c9d1876aff8a7a95249\System.Web.Extensions.ni.dll
    + 2010-06-11 20:03 . 2010-06-11 20:03 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b26b84cc16a235b2c6905b553e537c4b\System.Speech.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f38171cd5f65ed09262279ba7aea807c\System.Runtime.Serialization.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\543cbcb908b8f3ab562d42c1cc988d3c\System.Printing.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\eaf8aa8f409d1f4c02b0944789e10711\System.Management.Automation.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\9890cc2dbf0782bc3e49eb98104b3fdd\System.IdentityModel.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\4e2884a2f3e1ad3c5d78cf9195de11d3\System.IdentityModel.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\64b4c60e1b2b417000db5d8c2828a53f\System.Drawing.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7e489876ae08f12a0e44839226440669\System.DirectoryServices.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\31b7b3e2e9ec643e346566ba784d15ed\System.Deployment.ni.dll
    + 2010-06-11 20:00 . 2010-06-11 20:00 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2e07a348f84f3e73de1537854169c533\System.Deployment.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e9709fb8f0aca4844ebba0df031bd9ea\System.Data.ni.dll
    + 2010-06-11 19:39 . 2010-06-11 19:40 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\aef9de36b989b281f4b969787d0d4905\System.Data.SqlXml.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3d723245b4405bfb07980ad2a2ccb0c6\System.Data.OracleClient.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c81daac68747cd86564db72297308176\System.Data.Entity.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\7f277c0ce8a649d6f521c11f84a3962f\System.Core.ni.dll
    + 2010-06-11 20:02 . 2010-06-11 20:02 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4008054bb265645c10e658d6ce634003\ReachFramework.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\67fde11a5d008b3ff6f95e84fd38330b\PresentationUI.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\285b5021c0cde2883234e8e72d4ac041\PresentationBuildTasks.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\0ec562d5cb422abb1565423db64696a8\Narrator.ni.exe
    + 2010-06-11 20:01 . 2010-06-11 20:01 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\36b5c53f1d04137400dce3de405e75c8\MMCEx.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\a4dedfaf9a0d4e721153171b5437999d\MIGUIControls.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\6e4449056e3c29f67d5e19f4ac30ff40\MIGUIControls.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\848ebb638e1b40c18a11029aa79104f0\Microsoft.VisualBasic.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e93b5b375c1a6d54349800540a2f5f43\Microsoft.Transactions.Bridge.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\87f1933f94b406f081cbcc6b7cd76d2a\Microsoft.JScript.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\319a441331da1e11e9b1db6618d3c2b7\Microsoft.Ink.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 2088448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\84b0f5e5b1ec1e86323c99403585895e\Microsoft.GroupPolicy.Reporting.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\aecf601746c4ed4ab541ab1addd1d7b5\Microsoft.Build.Tasks.ni.dll
    + 2010-06-11 19:42 . 2010-06-11 19:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\88533d9b0f9b56056af651bf62107b27\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\44105c2ae30008c7caace925f6d1db0b\Microsoft.Build.Tasks.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\113b44cde39b250de53de33f94fd9027\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9376bf0847738f4983bc82ebfc9e9a88\Microsoft.Build.Engine.ni.dll
    + 2010-06-11 19:41 . 2010-06-11 19:41 3916288 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\a41482b7a4ddbbc9194a1bdd52ebf8fb\DriversHQ.DriverDetective.Client.ni.exe
    + 2010-06-23 12:28 . 2010-04-05 12:19 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2010-06-11 18:19 . 2010-03-25 11:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2010-06-11 18:22 . 2010-04-12 12:21 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2010-06-11 18:20 . 2010-03-25 11:53 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-11-21 16:50 . 2009-03-30 04:42 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-06-23 12:28 . 2010-04-05 12:19 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2009-11-21 16:50 . 2009-02-18 18:39 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2009-11-23 23:06 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-08-11 20:48 . 2010-05-21 10:56 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-06-23 12:30 . 2010-04-16 16:43 2159616 c:\windows\AppPatch\AcGenral.dll
    - 2010-02-24 03:40 . 2010-01-06 15:38 2159616 c:\windows\AppPatch\AcGenral.dll
    + 2010-08-03 14:37 . 2010-07-26 18:04 11587072 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll
    + 2010-08-03 14:37 . 2010-07-26 15:51 11584512 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll
    + 2010-08-03 14:37 . 2010-07-26 16:56 11586560 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll
    + 2010-08-03 14:37 . 2010-07-26 16:55 11581440 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll
    + 2010-08-11 20:49 . 2010-06-17 18:27 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\MOVIEMK.dll
    + 2010-08-11 20:49 . 2010-06-17 18:08 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\MOVIEMK.dll
    + 2010-08-11 20:49 . 2010-06-17 17:22 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\MOVIEMK.dll
    + 2010-08-11 20:48 . 2010-06-17 17:15 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\MOVIEMK.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 21827584 c:\windows\winsxs\x86_microsoft-windows-ime-korean-hwresource_31bf3856ad364e35_6.0.6000.16386_none_4e1eb5b4af3fbd40\mshwkorr.dll
    + 2006-11-02 07:26 . 2006-11-02 09:39 15821312 c:\windows\winsxs\x86_microsoft-windows-imageres_31bf3856ad364e35_6.0.6000.16386_none_da86e136fafaf563\imageres.dll
    + 2010-08-11 20:49 . 2010-06-26 06:48 11078656 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23040_none_47e9c588dd2a86ef\ieframe.dll
    + 2010-06-11 18:36 . 2010-05-04 06:30 11078144 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23019_none_481337e6dd0a172b\ieframe.dll
    + 2010-08-11 20:49 . 2010-06-26 06:02 11077120 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18943_none_4763535fc409fd0f\ieframe.dll
    + 2010-06-11 18:36 . 2010-05-04 05:55 11076096 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18928_none_477df4a9c3f543e0\ieframe.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 19991040 c:\windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6002.18005_none_fd148db3f8a0d120\MSHWCHTR.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 19991040 c:\windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\MSHWCHTR.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 19991040 c:\windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6000.16386_none_f8f252abfe93f500\MSHWCHTR.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 21462016 c:\windows\winsxs\x86_microsoft-windows-d..ndwritingrecognizer_31bf3856ad364e35_6.0.6000.16386_none_29bd61de3dbf60e5\mshwjpnr.dll
    + 2010-08-03 14:37 . 2010-07-26 15:51 11584512 c:\windows\System32\shell32.dll
    + 2006-11-02 10:24 . 2010-09-15 12:31 35552200 c:\windows\System32\mrt.exe
    + 2006-11-02 07:33 . 2006-11-02 07:33 19991040 c:\windows\System32\IME\IMETC10\applets\MSHWCHTR.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 21827584 c:\windows\System32\IME\imekr8\applets\mshwkorr.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 21462016 c:\windows\System32\IME\IMEJP10\APPLETS\mshwjpnr.dll
    + 2006-11-02 07:26 . 2006-11-02 09:39 15821312 c:\windows\System32\imageres.dll
    + 2010-08-11 20:49 . 2010-06-26 06:02 11077120 c:\windows\System32\ieframe.dll
    + 2010-05-11 15:30 . 2010-05-11 15:30 11194880 c:\windows\Installer\97bd419.msp
    + 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\4c2fee6.msp
    + 2008-06-04 17:29 . 2008-06-04 17:29 16905728 c:\windows\Installer\4c2febc.msp
    + 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\41c98.msp
    + 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\376b6.msp
    + 2010-08-15 06:46 . 2010-08-15 06:46 23178240 c:\windows\Installer\14a90a1.msi
    + 2007-05-31 17:37 . 2007-05-31 17:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
    + 2007-06-18 21:16 . 2007-06-18 21:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSO.DLL
    + 2007-05-31 17:41 . 2007-05-31 17:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
    + 2003-08-06 17:24 . 2003-08-06 17:24 12037688 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
    + 2003-08-08 04:23 . 2003-08-08 04:23 12172336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSO.DLL
    + 2003-08-13 06:34 . 2003-08-13 06:34 10073144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
    + 2009-12-22 04:21 . 2009-12-22 04:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
    + 2010-06-11 19:38 . 2010-06-11 19:38 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a7440b520bb4f5151098d129a877e442\System.Windows.Forms.ni.dll
    + 2010-06-11 19:55 . 2010-06-11 19:55 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9c6fe9d44d22834993e9aa23cc9dc272\System.Windows.Forms.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 11801088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\cbca3ed989b8fc96e76f14602ad9c424\System.Web.ni.dll
    + 2010-06-11 19:40 . 2010-06-11 19:40 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5919fd04213069acd2f2dc575d7cae3c\System.ServiceModel.ni.dll
    + 2010-06-11 20:01 . 2010-06-11 20:01 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\52cbaee4e94489731096be5ecc320958\System.ServiceModel.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\72fac53d8beaf555ea00172a5db70226\System.Design.ni.dll
    + 2010-06-11 19:55 . 2010-06-11 19:55 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b89f584d5b315c16d4e57e747158cb69\PresentationFramework.ni.dll
    + 2010-06-11 19:37 . 2010-06-11 19:37 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\576df1026a947a0cdb2882e7d1270398\PresentationFramework.ni.dll
    + 2010-06-11 19:54 . 2010-06-11 19:54 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d27beed58ee849a11e772c7e39ea7d96\PresentationCore.ni.dll
    + 2010-06-11 19:36 . 2010-06-11 19:36 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\117ad7def1268317d5d274c2da25cbaf\PresentationCore.ni.dll
    + 2009-11-19 06:57 . 2010-09-15 10:38 317660700 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    + 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\1e73f2e.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update "= "c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-20 135664]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - kglcapow

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2975667946-567017948-1869616947-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 05:27]

    2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2975667946-567017948-1869616947-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 05:27]

    2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{A1E0E7D0-0604-42BB-9493-4287CCC2E5E2}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    AddRemove-HijackThis - c:\users\Owner\Desktop\WinBBS\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-19 03:03
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2010-09-19 03:07:02
    ComboFix-quarantined-files.txt 2010-09-19 07:06
    ComboFix2.txt 2010-04-16 04:33
    ComboFix3.txt 2010-03-31 03:59

    Pre-Run: 174,027,005,952 bytes free
    Post-Run: 174,169,055,232 bytes free

    - - End Of File - - 5D3B2ADF2902F50FE71F3A20380D099B
     
    Blue Star,
    #23
  5. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see much there.
    What are the current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #24
  6. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    Still getting a bit of IE hanging up and not responding... we did get rid of 22 objects pior to combofix...

    Doing OTL now..,thanks!!!
     
    Blue Star,
    #25
  7. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    OTL logfile created on: 9/19/2010 12:39:43 PM - Run 5
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 231.42 Gb Total Space | 161.21 Gb Free Space | 69.66% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/19 12:38:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/08/15 21:16:15 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/20 08:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/19 12:38:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/06/19 22:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2009/03/20 08:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/06/03 07:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/09/19 03:02:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/19 12:38:32 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/09/19 03:07:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/09/19 03:07:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/09/19 03:07:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2010/09/19 02:53:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/09/16 23:40:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2010/09/16 17:25:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
    [2010/09/16 17:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\iWonEI
    [2010/09/16 11:50:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\WHALEN
    [2010/09/13 10:38:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
    [2010/09/11 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Exent Technologies
    [2010/09/11 10:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\The Treasures of Montezuma
    [2010/09/11 10:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\The Treasures of Montezuma
    [2010/09/11 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Yahoo
    [2010/09/11 10:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
    [2010/09/11 10:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
    [2010/09/11 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\WeatherBug
    [2010/09/11 10:33:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WeatherBug
    [2010/09/11 10:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2010/09/11 10:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
    [2010/09/11 10:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/09/11 10:30:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
    [2010/09/11 10:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/08/26 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\AZIZ
    [2010/08/25 12:03:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HASTINGS CORNEA
    [2010/08/19 11:11:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\PRICING & DESIGN RESEARCH
    [2010/08/09 10:44:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\PACHECO LITTRELL
    [2010/08/06 16:13:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MigWiz
    [2010/07/29 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\WAGNER
    [2010/07/29 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HENNING
    [2010/07/14 02:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
    [2010/07/13 13:31:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\BitTorrent
    [2010/07/13 13:25:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Blitware
    [2010/06/25 10:07:03 | 000,000,000 | ---D | C] -- C:\99e913fc9a9cde4efd5c

    ========== Files - Modified Within 90 Days ==========

    [2011/01/12 22:44:26 | 004,317,858 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_5758.JPG
    [2010/09/19 12:41:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A1E0E7D0-0604-42BB-9493-4287CCC2E5E2}.job
    [2010/09/19 12:39:42 | 002,359,296 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
    [2010/09/19 12:38:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/09/19 12:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2975667946-567017948-1869616947-1000UA.job
    [2010/09/19 12:15:19 | 000,004,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/19 12:15:19 | 000,004,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/19 10:15:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/19 10:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/19 10:15:11 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/19 03:02:36 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/09/19 03:02:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/09/19 02:52:01 | 003,846,590 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/09/19 01:38:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2975667946-567017948-1869616947-1000Core.job
    [2010/09/18 15:30:32 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/18 15:27:09 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2010/09/18 15:25:53 | 000,284,915 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
    [2010/09/18 14:43:21 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{58797e10-ac75-11df-8cf3-001b380f868e}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/18 14:43:21 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{58797e10-ac75-11df-8cf3-001b380f868e}.TM.blf
    [2010/09/18 14:43:16 | 003,294,775 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
    [2010/09/17 20:31:26 | 000,697,560 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/17 20:31:26 | 000,599,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/17 20:31:26 | 000,103,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/15 15:51:31 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
    [2010/09/15 08:03:24 | 001,481,216 | ---- | M] () -- C:\Users\Owner\Desktop\SMALL PERMIT HPI 1B.vsd
    [2010/09/11 10:43:55 | 000,001,929 | ---- | M] () -- C:\Users\Owner\Desktop\TheTreasuresofMontezuma.lnk
    [2010/09/11 10:41:36 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
    [2010/09/02 08:41:37 | 197,703,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/08/20 12:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{58797e10-ac75-11df-8cf3-001b380f868e}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/16 08:08:41 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{44d3fe18-5d26-11df-bdd4-001b380f868e}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/16 08:08:41 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{44d3fe18-5d26-11df-bdd4-001b380f868e}.TM.blf
    [2010/08/15 02:46:27 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    [2010/08/11 18:09:47 | 000,249,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/08/04 18:22:40 | 000,000,256 | ---- | M] () -- C:\Users\Owner\Documents\pool.bin
    [2010/08/04 17:19:55 | 007,702,994 | ---- | M] () -- C:\Users\Owner\Documents\Backup-(2010-08-04).ipd
    [2010/07/29 12:30:17 | 000,042,496 | ---- | M] () -- C:\Users\Owner\Documents\Structure Studio Receipt 06 2010.doc
    [2010/07/07 14:01:22 | 000,017,542 | ---- | M] () -- C:\Windows\FRGN.ico
    [2010/06/29 19:33:09 | 000,001,587 | ---- | M] () -- C:\Users\Public\Desktop\PoolStudio.lnk
    [2010/06/21 23:53:08 | 000,000,331 | ---- | M] () -- C:\Users\Owner\Documents\Barbara Leach 2.vcf
    [2010/06/21 23:52:40 | 000,000,331 | ---- | M] () -- C:\Users\Owner\Documents\Barbara Leach.vcf

    ========== Files Created - No Company Name ==========

    [2010/09/19 02:52:01 | 003,846,590 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/09/18 15:30:32 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/18 15:27:08 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2010/09/18 15:25:50 | 000,284,915 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
    [2010/09/15 08:02:11 | 001,481,216 | ---- | C] () -- C:\Users\Owner\Desktop\SMALL PERMIT HPI 1B.vsd
    [2010/09/11 10:43:55 | 000,001,929 | ---- | C] () -- C:\Users\Owner\Desktop\TheTreasuresofMontezuma.lnk
    [2010/09/11 10:41:37 | 000,017,542 | ---- | C] () -- C:\Windows\FRGN.ico
    [2010/09/11 10:41:36 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2010/08/20 12:11:28 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{58797e10-ac75-11df-8cf3-001b380f868e}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/20 12:11:28 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{58797e10-ac75-11df-8cf3-001b380f868e}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/20 12:11:28 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{58797e10-ac75-11df-8cf3-001b380f868e}.TM.blf
    [2010/08/15 02:46:36 | 000,000,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/08/15 02:46:27 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    [2010/08/06 16:59:42 | 004,317,858 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_5758.JPG
    [2010/08/04 17:19:55 | 007,702,994 | ---- | C] () -- C:\Users\Owner\Documents\Backup-(2010-08-04).ipd
    [2010/08/04 17:17:21 | 000,000,256 | ---- | C] () -- C:\Users\Owner\Documents\pool.bin
    [2010/07/29 12:30:17 | 000,042,496 | ---- | C] () -- C:\Users\Owner\Documents\Structure Studio Receipt 06 2010.doc
    [2010/06/29 19:33:09 | 000,001,587 | ---- | C] () -- C:\Users\Public\Desktop\PoolStudio.lnk
    [2010/06/21 23:53:08 | 000,000,331 | ---- | C] () -- C:\Users\Owner\Documents\Barbara Leach 2.vcf
    [2010/06/21 23:52:40 | 000,000,331 | ---- | C] () -- C:\Users\Owner\Documents\Barbara Leach.vcf
    [2010/05/24 21:22:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/11/25 01:29:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/11/25 01:17:57 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV500P.ini
    [2009/11/21 12:50:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/11/20 14:26:21 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2009/11/19 01:59:41 | 000,011,776 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/18 23:19:02 | 000,000,904 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/11/18 09:53:00 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/03/05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
    [2008/06/03 04:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
    [1996/11/17 02:37:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/09/18 14:40:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
    [2010/07/13 13:25:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blitware
    [2009/11/25 18:29:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EPSON
    [2010/09/11 10:46:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Exent Technologies
    [2009/11/25 01:31:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
    [2010/06/15 01:46:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
    [2010/05/31 11:46:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
    [2010/09/11 10:33:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
    [2010/09/18 14:43:27 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/19 12:41:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A1E0E7D0-0604-42BB-9493-4287CCC2E5E2}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/09/19 03:07:03 | 000,314,500 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/09/19 10:15:11 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/11/19 01:28:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/07 11:51:05 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/11/19 01:28:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/09/19 10:15:10 | 2325,024,768 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:30 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:30 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:30 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/23 11:52:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2008/01/19 00:34:30 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 08:36:45 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/11/20 15:21:32 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/20 15:32:03 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/19 02:52:01 | 003,846,590 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/09/18 15:27:09 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2010/09/19 12:38:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2008/06/24 14:05:31 | 000,030,720 | ---- | M] (TSIS, Bangalore-70) -- C:\Users\Owner\Desktop\PoolDraw Measure.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/11/18 09:53:14 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/11/24 14:31:08 | 000,000,904 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
    Blue Star,
    #26
  8. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
    broni,
    #27
  9. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    ok.... javaRa... extracted, tried to run it, gives me the report location window, however, cannot find report and the task seems to be too short of a run time to be actually doing anything...
     
    Blue Star,
    #28
  10. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    got it...........

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Sep 19 13:47:27 2010

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    ------------------------------------

    Finished reporting.
     
    Blue Star,
    #29
  11. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need a log from OTL fix.
     
    broni,
    #30
  12. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    just completed it....

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 1613012 bytes
    ->Temporary Internet Files folder emptied: 242293360 bytes
    ->Java cache emptied: 862819 bytes
    ->Google Chrome cache emptied: 6145559 bytes
    ->Flash cache emptied: 123750 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1068051 bytes
    RecycleBin emptied: 629000 bytes

    Total Files Cleaned = 241.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.0 log created on 09192010_134943

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF7814.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF781F.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF786C.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF7877.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF78AE.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF78B9.tmp not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DTHKUAJ1\95247-active-machine-possessed-2[2].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NYR3QZY\ads[3].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4AG7LMJ2\iframescript[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File\Folder C:\Windows\temp\TMP00000001D8038B0925669E97 not found!

    Registry entries deleted on Reboot...


    running sec check now....
     
    Blue Star,
    #31
  13. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK...go on... :)
     
    broni,
    #32
  14. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    Microsoft Security Essentials successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 9.3.4
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:
    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
    Blue Star,
    #33
  15. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)
     
    broni,
    #34
  16. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    thanks...:D

    running kaspersky next... guessing it will take a few hours... so tty soon!
     
    Blue Star,
    #35
  17. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, I need some break....LOL
     
    broni,
    #36
  18. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    Thank you soooo much, so far Broni!!!:D

    logging off and running kaspersky now...
     
    Blue Star,
    #37
  19. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
    broni,
    #38
  20. 2010/09/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    kaspersky.......

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, September 19, 2010
    Operating system: Microsoft Windows Vista Enterprise Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, September 19, 2010 15:51:48
    Records in database: 4225486


    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    G:\

    Scan statistics
    Objects scanned 211856
    Threats found 1
    Infected objects found 1
    Suspicious objects found 0
    Scan duration 03:39:39

    File name Threat Threats count
    C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll Infected: not-a-virus:AdWare.Win32.FunWeb.fa 1

    Selected area has been scanned.
     
    Blue Star,
    #39
  21. 2010/09/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you use iWon program, just be aware, it contains some adware.
    If you don't use it, uninstall it.

    Other than that....


    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how is your computer doing.
     
    broni,
    #40
Page 2 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...