0

So first let me show a screenshot.

http://i239.photobucket.com/albums/ff65/Monosuke/HELPFFS.jpg

As you see on the left side it is placing porn on my desktop somehow. Not quite sure how. Also I got get of police pro just now. I couldn't find it in my registry when i follow the instructions located here:

http://www.softsailor.com/how-to/6793-how-to-remove-windows-police-pro-virus-windows-police-pro-virus-removal.html

Now I am a relative novice as far as computers go so here I go.

When I used combo-fix this is the .txt file that was updated so I think this is the right thing:

32788R22FWJFW\PEV.exe UZIP 32788R22FWJFW\License\pv_5_2_2.zip 32788R22FWJFW\ 

32788R22FWJFW\PV.exe -kf *.pif 
  Killing '*.pif'
pv: No matching processes found

MOVE /Y 32788R22FWJFW\PV.exe 32788R22FWJFW\PV.cfexe 

32788R22FWJFW\PV.cfexe -kf *.pif 
  Killing '*.pif'
"C:\32788R22FWJFW\n.pif" cmdwait 2500 exec hide "~$folder.system$\cmd.execf" /c 32788R22FWJFW\prep.cmd (4936)

PUSHD "C:\32788R22FWJFW" 

IF NOT EXIST pev.cfexe COPY /Y pev.exe pev.cfexe 
        1 file(s) copied.

IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfexe NircmdB.exe 
        1 file(s) copied.

SET "Comspec=C:\WINDOWS\system32\cmd.execf" 

IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT 

IF EXIST OsVer EXIT

VER  1>OsVer 

GREP.cfexe -F "5.2." OsVer 

IF 1 == 0 GOTO Not_NT 

GREP.cfexe -F "5.1.2" OsVer  1>XP.mac 

IF 0 == 0 GOTO NT 

GREP.cfexe -isq "ProductType.*WinNT" WinNT00   || GOTO Not_NT 

SED.CFEXE "/^PATH=/I!d; s///; s/\x22//g" Oripath  1>OriPath00 

PEV.EXE -rtf -s+901 .\OriPath00   && (
SED.CFEXE -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00  1>OriPath01  
 FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G" 
) 

IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G" 

SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem" 
  Killing 'runonce.exe'
  Killing 'grpconv.exe'
  Killing 'procmon.exe'
pv: No matching processes found

PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe }   1>temp00  && (
PV -o%f *  1>temp01  
 PEV -tf -t!o --files:temp01 --c:##5#b#f#  1>temp02  
 GREP -Fif temp00 temp02  1>temp03  
 SED "/.*   /!d; s///" temp03  1>temp04  
 SED  ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04  1>temp05  
 FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G 
) 

CALL :MDCheck 
Could Not Find C:\32788R22FWJFW\md5sum00.pif

PEV -rtf -md53A36F2E3123203B4DD38D95B03356EEB .\md5sum.pif   || CALL :MDFaiL ChkSum_Fail 
.\md5sum.pif

PEV -tf --files:files.pif --c:##5#b#f#  1>mdCheck00.dat 

GREP -vs "^!MD5:" mdCheck00.dat  1>mdCheck0a.dat 

GREP -Fvf md5sum.pif mdCheck0a.dat   1>mdCheck01.dat  && CALL :MDFaiL 

GOTO :EOF 

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robby\Application Data
CFLDR=32788R22FWJFW
Chksum=3A36F2E3123203B4DD38D95B03356EEB
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROB
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robby
KMD=CF4194.exe
LOGONSERVER=\\ROB
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$
Qrntn=C:\Qoobox\Quarantine
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Robby\Desktop\combo-fix.exe" 
sfxname=C:\Documents and Settings\Robby\Desktop\combo-fix.exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robby\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robby\LOCALS~1\Temp
USERDOMAIN=ROB
USERNAME=Robby
USERPROFILE=C:\Documents and Settings\Robby
windir=C:\WINDOWS

=============================================


IF NOT DEFINED sfxname GOTO END 

GREP -F \ temp01   && CALL :Aux 

ATTRIB.EXE +R "C:\Documents and Settings\Robby\Desktop\combo-fix.exe" 

GREP -Fi "C:\WINDOWS\system32\userinit.exe" Userinit00   || (SWREG ADD "hklm\software\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\WINDOWS\system32\userinit.exe," ) 
   Userinit REG_SZ          C:\WINDOWS\system32\userinit.exe,

CALL LANG.bat 

I am still attempting as I write this to get HiJackthis to work. I'm not sure why it isn't opening. I went to the intial HJACKTHIS file and it will not open and tells me I don't have the correct permissions, so I deleted it and redownloaded it.

Okay so I got it reinstalled started to run it then it closed on me after I clicked run+save log. Lasted all of 5-7 seconds. I attempted to reopen it and it gave me a permissions blurb again.

Edited by mike_2000_17: Fixed formatting

3
Contributors
29
Replies
30
Views
7 Years
Discussion Span
Last Post by PhilliePhan
0

Hi and welcome to daniweb,
First of all looking at your attachment I am sorry but I don't see where you mean there is porn on the desk top. It is too small to see something other than icons on the left side.

Next,you shouldn't have used combofix without first being instructed to do so. That website you linked to didn't mention combofix that I could see. Don't run combofix again unless first instructed to do so. That is very often a LAST RESORT, not a first step.

These were instructions that site uses to remove one specific infection, at this point we don't know that is what you have.

The combofix log is incomplete or very likely not even a combofix log so I cannot say what was done or not done by using this program. There is never a reason that the combofix log would be "updated" that is why I am not really certain that you actually ran combofix. Where did you get it?

Can you open the log again, you should be able to find it in C:\ComboFix.txt. and make sure Word wrap is NOT on. Copy paste the ENTIRE log here, maybe I can figure out what was done. We have no idea of your operating system, your anti-virus program, what other steps you took to attempt to remove what for now is only known as an unknown infection.

EDIT: Just look through that log you posted I don't believe that the program you ran actually was combofix. I believe it was a fake one. The real combofix is all one word, the one you ran seems to have been spelled combo-fix...which is known malicious software....Unless YOU personally changed the name of the file, did you?

Edited by jholland1964: n/a

0

It was originally combofix but for some reason It wouldn't run so someone on another forum suggested I just modify it to work.

Alright, Any suggestion on what I should do then to get hjackthis working?

The log I posted seems to be Superantispyware. It is the only other thing I ran today. Unfortunately it closes in the middle of it and won't complete the scan.

Edited by Turkagent: n/a

0

It was originally combofix but for some reason It wouldn't run so someone on another forum suggested I just modify it to work.

Alright, Any suggestion on what I should do then to get hjackthis working?

The log I posted seems to be Superantispyware. It is the only other thing I ran today. Unfortunately it closes in the middle of it and won't complete the scan.

Since you have posted at another forum it is advisable that you continue there. Advice could conflict if taking steps from two different forums.

Edited by jholland1964: n/a

0

Maybe I misspoke myself. I did not post this particular issue I posted an issue I was having with a program called "iexplorer" around 5 months ago. It no longer is an issue and I have subsequently forgotten what that website is. :|

This is a different issue.

0

Honestly, I have no idea why you ran combofix. I have no idea what you have run. You said the log you posted was SAS but that doesn't appear to be an SAS log, or one that I have seen before.
You have not given any information on your OS, your AV program, what steps you have taken except to run combofix which nobody here would tell you to do until much later. This obviously was an OLD version of combofix if you received info on it months ago at another forum. I don't really know how I can help you if you are not totally forthcoming with information and you have not been. I see nothing about porn in the attachment you posted. It just appears to be a desktop print screen of this web site.

0

-.-

Perhaps I did make it clear that I could not post anything becuase as soon as I try to run HjackTHIS it shuts it down and then tells me I don't have the proper permission.

Alright, Any suggestion on what I should do then to get hjackthis working?


-.-

Additionally I keep having a pop-up that tells me windows firewall has blocked some features but can't do anything about Trojan's already on my computer. You know what, I'll just post another picture. -.-

http://img297.imageshack.us/img297/3143/scunt.jpg

When I exit out them it takes me to this site: http://join2672.billmyccagain.com/signup.cgi?ver=3&aff=1241

EDIT -

Not forth coming? As if I am trying to hide information from people I need help from? I have clearly state that I need help getting HjackTHIS to run so I can post specifics.

Edited by Turkagent: n/a

0

And I have clearly stated I need information about your computer in general, what is your operating system, what anti-virus program are you running? What other tools have you run? You have not told me this. I realize this is frustrating but I can't offer help unless I know all of the above. Some tools do not run on all operating systems. Some tools do not operate with OTHER security programs. I need to know this. HiJackThis is ONLY a scanner NOT a fixer program so at this point that is not needed.

0

Operating System: Microsoft windows XP Professional(5.1, Build 2600)

I had my windows Firewall disabled and had AVG running. Recently AVG stopped working correctly in that I could not get rid of malware that it picked up. It would tell me that that virus vault was full or something of that manner. I tried to figure out how to empty it but I couldn't figure it out. Anyhow, I have enable the standard firewall for windows and AVG is running.

I have tried running Superantispyware but something is not allowing it to finish so it keeps closing halfway through.

I tried running combo-fix becuase I remember in the past someone had me run that and it helped my problem. So I guess I was just using a tool of which I had no idea it's use.

http://img268.imageshack.us/img268/4269/rightv.jpg
^Picture for clarification.

0

Ok, I will tell you, just from your print screens and your comments I honestly thought you were running Vista.
Now you can try these steps. I will say first that I don't know if any of them will work since you have all ready run an old version, I think anyway, of combofix. This is a tool which should never be kept on the computer after a problem is solved so if you used an old version you all ready had on there it is very possible that this has compromised much of what is needed to do. Just the fact that you used it without direction can actually compromise things but we will put that aside for now.
I want you to try these steps.
Windows Police Pro can disable the ability to use your Windows Task Manager. To fix this, please download the following file to your desktop.
Fixtm.reg
Once the file is downloaded, double-click on it and select Yes when it asks if you want to merge the data into your Registry. Once that is completed you should be able to use the Windows Task Manager.
You must end the two processes associated with Windows Police Pro as they do not allow you to run any applications
that we will need to remove this program. To do this we need to launch the Windows Task Manager by right-clicking on the time in the Windows task bar and then selecting Task Manager.
When Windows Task Manager opens please click the Processes Tab
You will now be at a screen that shows the running processes on your computer. First put a checkmark in the checkbox labeled Show processes from all users
Then scroll through the list till you see the process called Windows Police Pro.exe and left-click on it once so it becomes highlighted. Then click on the End Process button.
When you click on the End Process button, Task Manager will ask you to confirm if you are sure you want to terminate it, click YES
After you have ended the Windows Police Pro.exe process, scroll through the list of processes until you find the svchast.exe or svchasts.exe processes. Then end this process as well by clicking on the End Process button and confirming that you want to end it. Please note that in Windows there is a legitimate program called svchost.exe, so please be careful to only end the process that is spelled svchast.exe.

When those two Windows Police Pro processes are terminated, we need to fix one last thing so that you are able to run Windows programs. To do this, please download the following file to your desktop.
FixExe.reg
Once the file is downloaded, double-click on it and select Yes when it asks if you want to merge the data into your Registry. Once that is completed HOPEFULLY you should be able to run programs again.

If all went ok...I am keeping my fingers crossed here...
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Now I know you said you had HiJackThis on the computer. I would like you to Uninstall that one and download a new one from HERE

Run a Full System Scan and Save the log.
Post back here with the MBA-M log and the HJT log.
Judy

0

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed double click on the file to open MBAM and then see if you can run it.

0

I'm sorry to say that I have no idea what you mean by Program Files directory... If this is referring to my program files directory then it isn't there becuase I haven't been able to install it. I have only downloaded the program and attempted to open it(which its still not open yet).

So yeah, I don't know what you're getting at. :|

0

If it shows in Processes then it is running stop the process and then try renaming the install file on your desktop and try again.
You have two processes showing there....
a.exe and b.exe
Stop both of those I believe they are infection files.

0

Alright I got it installed, although it took a very long time. I closed down those processes although they came back and I subsequently shut them down again.

Now the problem is even though I installed it it won't open. It goes into the process tray, stays there for 15-20 minutes then closes.

0

Ok, you are going to have to do the following:

First of all, look in Scheduled Tasks. See if there are any odd ones or ones you did not add yourself. These would be ones which say, run every minute or multiple times or continue...plus with odd names. If you find any Delete them.
Then do the following:
Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
Restart your computer (very important).
Download and run this utility. mbam-clean.exe
It will ask to restart your computer (please allow it to).
After the computer restarts, Temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

Again try renaming it if it does not install. Let me know what happens. One thing that really puts all this at a disadvantage is that you ran that combofix. We have absolutely NO idea what was done by that program because you never did post a log for it. So I am virtually "flying blind" here and I am going to be totally honest, I don't know that any of this will work. But I am trying to find a solution for you.

You never said, when you got the warning from the Windows Firewall DID you attempt to have the firewall BLOCK the program or not? You should.

Edited by jholland1964: n/a

0

Followed your instructions same result. It is installed but it won't open. As far as blocking, I don't have the option to block. I think all the pop-ups are fake alerts becuase I don't have that option. They only give me the option of canceling or enabling protection which leads me to a site that tries to sell me software.

0

Can you try in Safe Mode? MBA-M doesn't fully work in Safe Mode but it may get some things if it is able to run.

0

NOpe still doesn't work in safe mode...

While Judy is away, let's have a look at something:

Please download FindIt.zip and Extract the FindIt folder to your desktop.
-- Inside the folder, you'll see RunThis.bat - DoubleClick it and let it run. (10-20 seconds)
A log should pop up - please post that for me.


PP :)

0

Looking for cngaudit.dll

No matches found.


Looking for eventlog.dll

C:\WINDOWS\$NTSER~3\
eventlog.dll Tue Feb 28 2006 5:00:00a ..... 55,808 54.50 K

C:\WINDOWS\SYSTEM32\
eventlog.dll Sun Apr 13 2008 5:11:54p A.... 61,952 60.50 K

C:\WINDOWS\SERVIC~1\I386\
eventlog.dll Sun Apr 13 2008 5:11:54p ..... 56,320 55.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 174,080 bytes 170.00 K


Looking for logevent.dll

C:\WINDOWS\SYSTEM32\
logevent.dll Sun Apr 13 2008 5:11:54p A.... 56,320 55.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 56,320 bytes 55.00 K


Looking for netlogon.dll

C:\WINDOWS\$NTSER~3\
netlogon.dll Tue Feb 28 2006 5:00:00a ..... 407,040 397.50 K

C:\WINDOWS\SYSTEM32\
netlogon.dll Sun Apr 13 2008 5:12:02p A.... 407,040 397.50 K

C:\WINDOWS\SERVIC~1\I386\
netlogon.dll Sun Apr 13 2008 5:12:02p ..... 407,040 397.50 K

3 items found: 3 files, 0 directories.
Total of file sizes: 1,221,120 bytes 1.16 M


Looking for scecli.dll

C:\WINDOWS\$NTSER~3\
scecli.dll Tue Feb 28 2006 5:00:00a ..... 180,224 176.00 K

C:\WINDOWS\SYSTEM32\
scecli.dll Sun Apr 13 2008 5:12:06p A.... 181,248 177.00 K

C:\WINDOWS\SERVIC~1\I386\
scecli.dll Sun Apr 13 2008 5:12:06p ..... 181,248 177.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 542,720 bytes 530.00 K


That came up. For the record it took around 40-60 seconds, if that matters.

0

That came up. For the record it took around 40-60 seconds, if that matters.

Not really - I just based that on what it took on my compy :)

OK - We need to do this:

Please Download Win32kDiag and save it to your Desktop. Leave it for now.
http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:


Files to move:
C:\WINDOWS\SYSTEM32\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll


-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox , using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.


NEXT:

Click START > RUN and then Copy&Paste the following into the command field: "%userprofile%\desktop\win32kdiag.exe" -f –r

That should produce a log, as well. Please post it for me.

Let me know if you ran into any difficulties along the way with these instructions and we'll go from there.

-- Check and see if MBA-M will run now in Normal Windows Boot and, if it does, do a Full Scan and have it remove what it finds and post that log too...

Best Luck :)
PP

Edited by PhilliePhan: n/a

0

First log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\SYSTEM32\logevent.dll|C:\WINDOWS\SYSTEM32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


Posting now, will edit in additional log. Just in case my computer does a reboot or some such.

Second Log:

Log file is located at: C:\Documents and Settings\Robby\Desktop\Win32kDiag.txt

Removing all found mount points.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Found mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA0F.tmp\ZAPA0F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA0F.tmp\ZAPA0F.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAF3.tmp\ZAPAF3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAF3.tmp\ZAPAF3.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2006-02-28 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB911164\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe ()

[1] 2005-06-28 11:24:52 716000 C:\WINDOWS\SoftwareDistribution\Download\6c582d950e8e569fbc534ce8a9e66be8\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB911164\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe ()

[1] 2005-06-28 11:24:52 716000 C:\WINDOWS\SoftwareDistribution\Download\6c582d950e8e569fbc534ce8a9e66be8\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1292428093-1604221776-725345543-1003\S-1-5-21-1292428093-1604221776-725345543-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1292428093-1604221776-725345543-1003\S-1-5-21-1292428093-1604221776-725345543-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7SCADFZA\assets.espn.go.com\espnvideo\mpf22\prod\r_2_2_2\skin.swf\skin.swf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7SCADFZA\assets.espn.go.com\espnvideo\mpf22\prod\r_2_2_2\skin.swf\skin.swf

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7SCADFZA\macromedia.com\macromedia.com

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7SCADFZA\macromedia.com\macromedia.com

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-08-28 14:38:20 24689600 C:\WINDOWS\system32\MRT.exe ()

[2] 2009-02-25 12:55:00 24768960 C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP478\A0067584.exe (Microsoft Corporation)

[2] 2009-04-06 07:57:24 24921544 C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP500\A0068207.exe (Microsoft Corporation)

[2] 2009-05-07 00:16:29 24699336 C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP537\A0068915.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Finished!

Now attempting to use Malware.

Malwares is still not opening.

Edited by Turkagent: n/a

0

Now attempting to use Malware.
Malwares is still not opening.

OK - Let's do this first.

DELETE all copies of combofix currently on your machine!


Once that is done, follow the instructions in the link below to DL a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

What I want you to do, though, is this:
When you download it and it asks you to "Save File As," rename combofix to Bunnyfix.exe and then download it to your desktop as that and follow the instructions in the linky very carefully to run Combofix and then post the Combofix log for me.

I will check back as time permits.

Best Luck :)
PP

0

Wow this is a long one. :| But here it is:

ComboFix 09-09-09.04 - Robby 09/09/2009 21:51.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1586 [GMT -7:00]
Running from: c:\documents and settings\Robby\Desktop\bunnyfix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\pornotube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\documents and settings\Robby\Application Data\cft
c:\program files\Protection System
c:\program files\Protection System\blacklist.cga
c:\program files\Protection System\core.cga
c:\program files\Protection System\coreext.dll
c:\program files\Protection System\firewall.dll
c:\program files\Protection System\help.ico
c:\program files\Protection System\psystem.exe
c:\program files\Protection System\uninstall.exe
c:\windows\Installer\28b405c1.msp
c:\windows\Installer\28b405c2.msp
c:\windows\Installer\457d371.msp
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desote.exe
c:\windows\system32\drivers\hjgruijiaoeydp.sys
c:\windows\system32\drivers\UACssjwyannvk.sys
c:\windows\system32\hjgruiirqtilcr.dll
c:\windows\system32\hjgruiossfvxvk.dll
c:\windows\system32\hjgruiwiataevx.dat
c:\windows\system32\hjgruiybqbuhyp.dll
c:\windows\system32\hjgruiykguirrc.dat
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\UACatwtksvhlr.dll
c:\windows\system32\UACdhvdudkuag.dll
c:\windows\system32\UACfbfgvhwalj.dll
c:\windows\system32\UACfvgdcndqer.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACweotblqcba.dat
c:\windows\system32\wingenocx.dll
c:\windows\system32\wscsvc32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiwaqcskbv
-------\Legacy_hjgruiwaqcskbv
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_ANTIPPRO2009_100
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 03:10 . 2009-09-10 03:10 -------- d-----w- C:\ProgramData
2009-09-09 02:28 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 02:28 . 2009-09-09 02:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 02:28 . 2009-09-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 02:28 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:03 . 2009-09-10 03:16 -------- d--h--w- c:\windows\PIF
2009-09-07 19:02 . 2009-09-07 19:02 -------- d-----w- c:\program files\Trend Micro
2009-09-07 17:22 . 2009-09-10 03:10 -------- d-----w- c:\documents and settings\Robby\Local Settings\Application Data\AskToolbar
2009-09-07 13:18 . 2009-09-07 13:18 163840 ----a-w- c:\windows\svchasts.exe
2009-08-26 23:54 . 2009-08-26 23:54 -------- d-----w- c:\program files\PFPortChecker
2009-08-15 10:02 . 2009-08-15 10:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 10:02 . 2009-08-15 10:02 -------- d-----w- c:\program files\MSBuild
2009-08-15 10:02 . 2009-08-15 10:02 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 10:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 10:02 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 10:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 10:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 10:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 10:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 10:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 10:02 . 2009-09-10 03:16 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-13 05:34 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 04:55 . 2009-07-12 03:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-10 04:22 . 2007-11-23 07:01 -------- d-----w- c:\documents and settings\Robby\Application Data\mIRC
2009-09-10 04:19 . 2007-11-23 07:01 -------- d-----w- c:\program files\mIRC
2009-09-10 02:00 . 2009-03-13 22:28 -------- d-----w- c:\program files\Celestia
2009-09-09 02:11 . 2008-05-30 05:40 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-07 19:47 . 2008-07-29 23:47 -------- d-----w- c:\program files\Trillian
2009-08-29 23:57 . 2008-06-26 21:57 -------- d-----w- c:\program files\StealthBot
2009-08-25 05:22 . 2007-11-01 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 04:38 . 2007-11-01 10:40 -------- d-----w- c:\program files\Download Manager
2009-08-25 04:38 . 2007-11-01 10:40 -------- d-----w- c:\documents and settings\Robby\Application Data\IGN_DLM
2009-08-22 03:32 . 2008-08-15 01:11 -------- d-----w- c:\documents and settings\Robby\Application Data\uTorrent
2009-08-20 22:56 . 2007-11-08 19:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 16:10 . 2008-05-01 20:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 16:10 . 2008-05-01 20:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 16:10 . 2008-05-01 20:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-09 06:04 . 2008-05-01 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-23 18:57 . 2009-07-23 18:57 -------- d-----w- c:\program files\Procaster
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 03:23 . 2009-06-26 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-12 10:48 . 2009-07-12 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 02:46 . 2008-05-27 15:31 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-10 00:40 . 2008-06-18 15:06 2174 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 19:26 . 2009-07-02 19:26 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-13_23.41.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-18 12:42 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2007-11-01 09:39 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
- 2007-11-01 09:39 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-08-15 10:02 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2007-11-01 10:30 . 2007-07-27 17:41 16760 c:\windows\system32\spmsg.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 43544 c:\windows\system32\PresentationHostProxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2009-08-15 10:04 71060 c:\windows\system32\perfc009.dat
- 2007-10-24 08:47 . 2007-10-24 08:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 15360 c:\windows\system32\mui\0409\mscorees.dll
- 2007-08-14 01:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 83968 c:\windows\system32\mscories.dll
+ 2007-11-01 23:48 . 2009-07-23 19:07 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-11-01 23:48 . 2009-01-03 05:44 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2006-02-28 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 97800 c:\windows\system32\infocardapi.dll
- 2007-08-14 01:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-14 01:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-02-28 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2006-02-28 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2008-07-30 02:24 . 2008-07-30 02:24 11264 c:\windows\system32\icardres.dll
+ 2007-08-14 01:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
- 2007-08-14 01:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 73720 c:\windows\system32\dxva2.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-11-01 10:33 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-11-01 10:33 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-02-28 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-11-01 10:33 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-11-01 10:33 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-02-28 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-20 18:09 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 18:09 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-02-28 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-02-28 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-11-01 10:33 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-11-01 10:33 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2006-02-28 12:00 . 2008-04-14 00:11 56320 c:\windows\system32\dllcache\eventlog.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 96760 c:\windows\system32\dfshim.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96760 c:\windows\system32\dfshim.dll
+ 2009-09-06 14:58 . 2009-09-06 14:58 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
+ 2009-09-07 07:14 . 2009-09-08 00:26 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009090720090908\index.dat
+ 2007-11-01 08:48 . 2009-09-10 03:10 98304 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-28 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2006-02-28 12:00 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2009-07-15 01:52 . 2009-07-15 01:52 78566 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-06-04 12:15 . 2009-06-04 12:15 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 02:32 . 2008-07-30 02:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-10-24 08:47 . 2007-10-24 08:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows\Installer\a480446.msp
+ 2009-08-15 10:01 . 2009-08-15 10:01 88576 c:\windows\Installer\a462740.msi
+ 2009-07-23 18:57 . 2009-07-23 18:57 10134 c:\windows\Installer\{B0BFED32-E516-443D-AAE3-1A648C748E28}\SystemFolder_msiexec.exe
+ 2009-08-11 05:23 . 2009-08-11 05:23 40960 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2009-07-29 10:00 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-29 10:00 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-29 10:00 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-29 10:00 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-29 10:00 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-29 10:00 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-08-15 10:05 . 2009-08-15 10:05 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-08-15 10:05 . 2009-08-15 10:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-08-15 10:08 . 2009-08-15 10:08 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-08-15 10:02 . 2009-08-15 10:02 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-08-15 10:02 . 2009-08-15 10:02 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-08-15 10:02 . 2009-08-15 10:02 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-08-15 10:02 . 2009-08-15 10:02 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-08-15 10:02 . 2009-08-15 10:02 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-08-15 10:02 . 2009-08-15 10:02 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-08-15 10:02 . 2009-08-15 10:02 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-03-14 20:25 . 2009-03-14 20:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-25 05:25 . 2009-08-25 05:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-25 05:25 . 2009-08-25 05:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-03-14 20:25 . 2009-03-14 20:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-07-15 10:00 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
+ 2009-07-15 10:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-15 10:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-07-29 10:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972260-IE7\update\spcustom.dll
+ 2009-07-29 10:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972260-IE7\spmsg.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\pngfilt.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 52224 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeedsbs.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 27648 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\jsproxy.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 13824 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieudinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iernonce.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 78336 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieencode.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 70656 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ie4uinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 63488 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\icardie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 17408 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\corpol.dll
+ 2009-07-15 10:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-15 10:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-07-15 10:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-15 10:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-09-06 14:58 . 2009-09-08 00:26 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar\cache.dat
+ 2009-06-04 12:17 . 2009-06-04 12:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 08:47 . 2007-10-24 08:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-08-15 10:03 . 2009-08-15 10:03 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-04-26 10:01 . 2008-04-26 10:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-08-15 10:04 . 2009-08-15 10:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-26 10:01 . 2008-04-26 10:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 04:23 . 2007-11-07 04:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2009-09-10 04:59 . 2008-12-17 04:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-07-13 23:40 . 2008-12-17 04:59 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2008-07-30 04:26 . 2008-07-30 04:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-02-28 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2006-02-28 12:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-08-15 10:02 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2008-06-04 21:58 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
- 2008-06-04 21:58 . 2007-05-15 08:08 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-06-04 21:58 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2008-06-04 21:58 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
- 2008-06-04 21:58 . 2008-04-14 00:12 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 23:15 . 2006-08-24 23:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-02-28 12:00 . 2009-08-15 10:04 441124 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
- 2007-08-14 01:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 282112 c:\windows\system32\mscoree.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 282112 c:\windows\system32\mscoree.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-08-14 01:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2007-08-14 01:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 19:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2006-02-28 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2006-02-28 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 622080 c:\windows\system32\icardagt.exe
- 2006-02-28 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 493048 c:\windows\system32\evr.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-02-28 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-11-01 10:33 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-11-01 10:33 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-16 22:28 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-11-01 08:42 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2007-11-01 10:33 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-11-01 10:33 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-11-01 10:33 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-02-28 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-02-28 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-02-28 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-09-07 07:14 . 2009-09-07 07:14 196608 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009083120090907\index.dat
+ 2007-11-01 08:48 . 2009-09-10 03:10 638976 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-28 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
+ 2006-02-28 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-06-04 12:15 . 2009-06-04 12:15 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-06-05 11:38 . 2009-06-05 11:38 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
+ 2009-06-04 12:17 . 2009-06-04 12:17 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-06-04 12:16 . 2009-06-04 12:16 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-06-05 11:34 . 2009-06-05 11:34 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-06-04 12:15 . 2009-06-04 12:15 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-06-05 11:38 . 2009-06-05 11:38 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-08-15 10:03 . 2009-08-15 10:03 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-30 01:47 . 2008-07-30 01:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 06:15 . 2008-07-30 06:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 06:40 . 2008-07-30 06:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 16:58 . 2008-12-13 16:58 754688 c:\windows\Installer\a489f8d.msp
+ 2009-08-15 10:03 . 2009-08-15 10:03 648192 c:\windows\Installer\a489f61.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows\Installer\a48044f.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows\Installer\a48044d.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows\Installer\a48044b.msp
+ 2009-08-15 10:02 . 2009-08-15 10:02 137728 c:\windows\Installer\a480445.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows\Installer\a462745.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows\Installer\a462743.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows\Installer\a462742.msp
+ 2009-07-23 18:57 . 2009-07-23 18:57 304128 c:\windows\Installer\327bd8f4.msi
+ 2009-03-20 18:48 . 2009-03-20 18:48 183808 c:\windows\Installer\19ba14d8.msp
+ 2009-07-29 10:00 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-29 10:00 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-29 10:00 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-29 10:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-29 10:00 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-29 10:00 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-29 10:00 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-29 10:00 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-29 10:00 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-29 10:00 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-29 10:00 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-29 10:00 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-29 10:00 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-08-15 10:02 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-08-15 10:02 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-08-15 10:06 . 2009-08-15 10:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-08-15 10:10 . 2009-08-15 10:10 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-08-15 10:09 . 2009-08-15 10:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-08-15 10:08 . 2009-08-15 10:08 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-08-15 10:06 . 2009-08-15 10:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-08-15 10:06 . 2009-08-15 10:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-08-15 10:08 . 2009-08-15 10:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-08-15 10:08 . 2009-08-15 10:08 220672 c:\windo

0

Seems it was so long that it cut off. Here is the part where it cut off:

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-31 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 16:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe"=
"c:\\Game Files\\Warden\\Warden.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2008 1:33 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2008 1:33 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 9:37 AM 297752]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [8/2/2007 9:32 AM 22784]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 9:37 AM 908056]
S2 uxrmhzi;uxrmhzi;\??\c:\windows\system32\drivers\hjyvsxjnsoh.sys --> c:\windows\system32\drivers\hjyvsxjnsoh.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 NETMW145;NETGEAR WN311T;c:\windows\system32\drivers\NETMW145.sys [3/25/2009 6:34 PM 437248]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\DRIVERS\WMP300Nv1.sys --> c:\windows\system32\DRIVERS\WMP300Nv1.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Robby\Application Data\Mozilla\Firefox\Profiles\wrjhr8q2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=TRL&o=101840&locale=en_US&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-Protection System - c:\program files\Protection System\psystem.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 21:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1604221776-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,09,be,e9,a5,5c,94,fb,61,6d,c6,de,5b,79,2b,c5,96,9d,d8,cd,c3,ef,57,
8f,f0,8a,98,b8,d4,a9,61,25,95,ff,82,94,73,54,a2,80,dd,2c,f1,04,d0,63,9f,14,\
"??"=hex:da,c9,da,7d,be,6c,41,97,c6,95,44,55,74,0c,9a,63

[HKEY_USERS\S-1-5-21-1292428093-1604221776-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:7a,4e,4b,11,9c,5b,06,73,80,15,2e,4c,7c,fb,0c,64,c5,3b,b7,33,89,
0b,a7,e2,a5,6a,24,e5,22,46,24,d1,27,19,85,46,03,4a,b4,c3,62,4c,0d,fc,cc,56,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\Robby\LOCALS~1\temp\EAD1.exe
.
**************************************************************************
.
Completion time: 2009-09-10 22:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 05:01

Pre-Run: 78,986,412,032 bytes free
Post-Run: 79,588,888,576 bytes free

1258 --- E O F --- 2009-09-10 01:24

0

OK . . . . That looks good! Not totally clean, but a hell of a lot better than where you were.....

Interestingly enough, every infected computer I have seen with this baddie also has some sort of Torrent client..... Food for thought.
I'd like you to disable yours until we are done cleaning your machine. Hate to get re-infected.....


Since I won't be back until Thursday night, I'd like you to go ahead and do this:

1) Run a Full Scan with MBA-M and have it fix what it finds and post that log for me.

2) Reboot.

3) Delete your current Combofix.
Download a fresh Combofix and run it again the same way you did before and post that log for me. Be sure it is the new log.

Cheers :)
PP

Edited by PhilliePhan: n/a

0

Malwarebytes' Anti-Malware 1.40
Database version: 2770
Windows 5.1.2600 Service Pack 3

9/10/2009 3:33:59 AM
mbam-log-2009-09-10 (03-33-58).txt

Scan type: Full Scan (C:\|D:\|I:\|J:\|)
Objects scanned: 209748
Time elapsed: 38 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\15331874 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Protection System\psystem.exe.vir (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dddesot.dll.vir (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\desote.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruiybqbuhyp.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\memman.vxd.vir (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACatwtksvhlr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfvgdcndqer.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wingenocx.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hjgruijiaoeydp.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP597\A0075268.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP597\A0075269.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP597\A0075274.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP597\A0075276.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP598\A0075315.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP598\A0075318.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP598\A0075319.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3B8F1C9-AEBC-494E-9835-6A1E0B98FAE3}\RP598\A0075321.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\svchasts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.


Rebooting now and will do the combo-fix later tonight.

0

Double posting since I can't edit my post:

ComboFix 09-09-09.07 - Robby 09/10/2009 3:43.3.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1389 [GMT -7:00]
Running from: c:\documents and settings\Robby\Desktop\bunnyfix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 10:48 . 2009-09-10 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-09-10 09:54 . 2009-09-10 09:54 -------- d-----w- c:\documents and settings\Robby\Application Data\Malwarebytes
2009-09-10 03:10 . 2009-09-10 03:10 -------- d-----w- C:\ProgramData
2009-09-09 02:28 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 02:28 . 2009-09-09 02:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 02:28 . 2009-09-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 02:28 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:03 . 2009-09-10 03:16 -------- d--h--w- c:\windows\PIF
2009-09-07 19:02 . 2009-09-07 19:02 -------- d-----w- c:\program files\Trend Micro
2009-09-07 17:22 . 2009-09-10 03:10 -------- d-----w- c:\documents and settings\Robby\Local Settings\Application Data\AskToolbar
2009-08-26 23:54 . 2009-08-26 23:54 -------- d-----w- c:\program files\PFPortChecker
2009-08-15 10:02 . 2009-08-15 10:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 10:02 . 2009-08-15 10:02 -------- d-----w- c:\program files\MSBuild
2009-08-15 10:02 . 2009-08-15 10:02 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 10:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 10:02 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 10:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 10:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 10:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 10:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 10:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 10:02 . 2009-09-10 03:16 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-13 05:34 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 10:45 . 2009-07-12 03:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-10 04:22 . 2007-11-23 07:01 -------- d-----w- c:\documents and settings\Robby\Application Data\mIRC
2009-09-10 04:19 . 2007-11-23 07:01 -------- d-----w- c:\program files\mIRC
2009-09-10 02:00 . 2009-03-13 22:28 -------- d-----w- c:\program files\Celestia
2009-09-09 02:11 . 2008-05-30 05:40 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-07 19:47 . 2008-07-29 23:47 -------- d-----w- c:\program files\Trillian
2009-08-29 23:57 . 2008-06-26 21:57 -------- d-----w- c:\program files\StealthBot
2009-08-25 05:22 . 2007-11-01 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 04:38 . 2007-11-01 10:40 -------- d-----w- c:\program files\Download Manager
2009-08-25 04:38 . 2007-11-01 10:40 -------- d-----w- c:\documents and settings\Robby\Application Data\IGN_DLM
2009-08-22 03:32 . 2008-08-15 01:11 -------- d-----w- c:\documents and settings\Robby\Application Data\uTorrent
2009-08-20 22:56 . 2007-11-08 19:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 16:10 . 2008-05-01 20:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 16:10 . 2008-05-01 20:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 16:10 . 2008-05-01 20:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-09 06:04 . 2008-05-01 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-23 18:57 . 2009-07-23 18:57 -------- d-----w- c:\program files\Procaster
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 03:23 . 2009-06-26 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-10 02:46 . 2008-05-27 15:31 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-10 00:40 . 2008-06-18 15:06 2174 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 19:26 . 2009-07-02 19:26 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-29 16:12 . 2006-02-28 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-07-23 2084480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\d851737a-7b8e-4bb9-84bc-9c768061b10b.exe" [2009-08-18 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"WN311T.exe"="c:\program files\NETGEAR\WN311T\WN311T.exe" [2007-06-13 557056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-31 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 16:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe"=
"c:\\Game Files\\Warden\\Warden.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2008 1:33 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2008 1:33 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 9:37 AM 297752]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [8/2/2007 9:32 AM 22784]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 9:37 AM 908056]
S2 uxrmhzi;uxrmhzi;\??\c:\windows\system32\drivers\hjyvsxjnsoh.sys --> c:\windows\system32\drivers\hjyvsxjnsoh.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 NETMW145;NETGEAR WN311T;c:\windows\system32\drivers\NETMW145.sys [3/25/2009 6:34 PM 437248]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\DRIVERS\WMP300Nv1.sys --> c:\windows\system32\DRIVERS\WMP300Nv1.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Robby\Application Data\Mozilla\Firefox\Profiles\wrjhr8q2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=TRL&o=101840&locale=en_US&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 03:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1604221776-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,09,be,e9,a5,5c,94,fb,61,6d,c6,de,5b,79,2b,c5,96,9d,d8,cd,c3,ef,57,
8f,f0,8a,98,b8,d4,a9,61,25,95,ff,82,94,73,54,a2,80,dd,2c,f1,04,d0,63,9f,14,\
"??"=hex:da,c9,da,7d,be,6c,41,97,c6,95,44,55,74,0c,9a,63

[HKEY_USERS\S-1-5-21-1292428093-1604221776-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:7a,4e,4b,11,9c,5b,06,73,80,15,2e,4c,7c,fb,0c,64,c5,3b,b7,33,89,
0b,a7,e2,a5,6a,24,e5,22,46,24,d1,27,19,85,46,03,4a,b4,c3,62,4c,0d,fc,cc,56,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-10 3:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 10:50
ComboFix2.txt 2009-09-10 05:02

Pre-Run: 79,623,340,032 bytes free
Post-Run: 79,597,879,296 bytes free

256 --- E O F --- 2009-09-10 01:24

0

OK - A couple more steps:

-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe just like this.

-- Let Combofix run as before and post me that log and we'll see if we can wrap this up.

PP:)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.