Malware problem

Typically, when I do a Google search and click on a link, random websites will open. In addition, I can't open my iTunes application because it states that QuickTime is required even though QuickTime was/is installed on my system. Below is my log. Please help! Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:58 AM, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geoffreymason.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [qhfuierk] C:\Documents and Settings\Administrator\Local Settings\Application Data\jxjdhe\mcutsysguard.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qhfuierk] C:\Documents and Settings\Administrator\Local Settings\Application Data\jxjdhe\mcutsysguard.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173149564947
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
--
End of file - 15049 bytes

Comments

  • edited December 2009
    Hi,

    A few things before we start....
    1. Please Read All Instructions Carefully.
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you.
    4. If you have to go away for an extended period of time, let me know.
    5. Please continue to respond until I give you the "All Clear".
    (Just because you can't see a problem doesn't mean it isn't there)


    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double-click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log and C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
  • edited December 2009
    Hello Chiaz, thank you for your response. Below are the Anti-Malware and HijackThis logs. I was unable to download and run ComboFix because the download site stated "not available for download until an issue with the program has been resolved."

    Please advise. Thank you!

    Anti-Malware Log
    Malwarebytes' Anti-Malware 1.42
    Database version: 3356
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12/13/2009 9:04:07 PM
    mbam-log-2009-12-13 (21-04-07).txt
    Scan type: Quick Scan
    Objects scanned: 121963
    Time elapsed: 19 minute(s), 44 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qhfuierk (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qhfuierk (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    HijackThis Log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:56 PM, on 12/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geoffreymason.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
    O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
    O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173149564947
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
    --
    End of file - 15009 bytes
  • edited December 2009
    Please download TFC.exe - Temp File Cleaner by OldTimer.
    Save it to your Desktop.
    Close any open windows, save your work,
    Double click the TFC icon to run the program,
    TFC will close all open programs itself in order to run,
    Click the Start button to begin the process,
    Allow TFC to run uninterrupted,
    The program should not take long to finish its job,
    Once it's finished, click OK to reboot.

    Now, let's have you go HERE to run Panda ActiveScan 2.0
    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply, as well as let me know how your PC is running now.
  • edited December 2009
    I've completed the TFC scan and started the ActiveScan two times. I was unable to export the log, nor was I able to determine whether the ActiveScan even completed, because my system automatically rebooted each time.

    I am still experiencing random websites opening after clicking on a link. For example, I may go to google and search msn and click on the msn link and something random will open. It's not happening as often as before but it's still happening.

    Even though you didn't request it in your last response, I have posted a new copy of my HiJack log. Thank you for your assistance thus far!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:17 PM, on 12/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geoffreymason.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
    O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
    O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173149564947
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
    --
    End of file - 14659 bytes
  • edited December 2009
    Hi,

    Instead of a quick scan, can I have you run MBAM now, update, and do a full scan of your PC.

    Once that is done, remove all that is found and restart your computer.

    Then go here to run a scan with Kaspersky:
    www.kaspersky.com/kos/english/kavwebscan.html


    Post both generated logs in your reply.
  • edited December 2009
    Below is my MBAM log from the full scan.

    When attempting to run Kaspersky, I receive the message "Starting Java applet has failed! Please go online to use this program." I've disabled the anti-virus installed on my system, updated Java, and restarted my system, and I keep getting the same message.

    Malwarebytes' Anti-Malware 1.42
    Database version: 3362
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12/15/2009 11:05:11 PM
    mbam-log-2009-12-15 (23-05-10).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 211791
    Time elapsed: 2 hour(s), 17 minute(s), 4 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • edited December 2009
    Are you using Internet Explorer for the scan?

    Try this:
    http://www.bitdefender.com/scanner/online/free.html
  • edited December 2009
    I am using Internet Explorer.

    For whatever reason when I run bitdefender it never completes just like some of the previous scans you've had me run. When I check the system after a few hours, it has automatically rebooted. I'm about to try and run it again now, I just wanted to give you an update. I will let you know what happens.
  • edited December 2009
    Prior to running bitdefender this last time, I disabled the Automatic restart. After doing this and starting the scan, after a while, I noticed the system went to a blue screen with the error KERNEL_STACK_INPAGE_ERROR. I am assuming that is what has prevented the other scans from completing also.
  • edited December 2009
    Boot to Safe Mode with Networking (Instructions can be found here)

    Try running any of the online scanners from here. Don't do any other surfing while scanning though.
    Let me know. :)
  • edited December 2009
    Here are my results from BitDefender

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Sat, Dec 19, 2009 - 22:25:46

    Scan Info
    Scanned Files: 402434
    Infected Files: 0

    Virus Detected
    No virus found.
  • edited December 2009
    OK can I have an update on your issues? Still experiencing the random redirects?
  • edited December 2009
    Yes I am still experiencing random redirects.
  • edited December 2009
    Download RootRepeal:
    http://rootrepeal.googlepages.com/RootRepeal.zip
    • Extract the archive to a folder you create such as C:\RootRepeal
    • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
    • Click the "File" tab (located at the bottom of the RootRepeal screen)
    • Click the "Scan" button
    • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
    • Click OK and the file scan will begin
    • When the scan is done, there will be files listed, but most if not all of them will be legitimate
    • Click the "Save Report" Button
    • Save the log file to your Documents folder
    • Post the content of the RootRepeal file scan log in your next reply.
  • edited December 2009
    Below is my scan log from RootRepeal

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/12/21 07:15
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP Tablet PC Edition SP3
    ==================================================
    Hidden/Locked Files
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!
    Path: c:\documents and settings\administrator\local settings\temp\~df6e9.tmp
    Status: Allocation size mismatch (API: 196608, Raw: 16384)
  • edited December 2009
    Hi, sorry for the late response.


    Let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include C:\ComboFix.txt for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • edited December 2009
    No worries about the late response, I just appreciate your assistance! Here is my ComboFix report split into multiple replies since it exceeds the maximum number of characters allowed.

    ComboFix 09-12-22.06 - Administrator 12/23/2009 7:02.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.402 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    Infected copy of c:\windows\system32\DRIVERS\IASTOR.SYS was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
    .
    2009-12-21 01:40 . 2009-12-21 01:40 0 ----a-w- c:\documents and settings\Administrator\settings.dat
    2009-12-21 01:40 . 2009-12-21 01:40 464491 ----a-w- C:\RootRepeal.zip
    2009-12-16 23:41 . 2009-12-20 04:25 -------- d-----w- c:\windows\BDOSCAN8
    2009-12-16 12:44 . 2009-12-16 12:44 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-07 00:58 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-12-07 00:58 . 2009-12-07 00:58 -------- d-----w- c:\program files\Panda Security
    2009-12-06 21:52 . 2009-12-06 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-12-06 21:52 . 2009-12-07 00:38 -------- d-----w- c:\program files\QuickTime
    2009-12-06 21:51 . 2009-12-06 22:08 -------- d-----w- c:\program files\iPod
    2009-12-06 21:51 . 2009-12-06 22:08 -------- d-----w- c:\program files\iTunes
    2009-12-06 21:51 . 2009-12-06 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-12-06 21:51 . 2009-12-06 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2009-12-06 21:50 . 2009-12-06 21:50 -------- d-----w- c:\program files\Roxio
    2009-12-06 21:50 . 2009-12-06 21:50 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2009-12-05 22:34 . 2009-12-05 22:34 -------- d-----w- c:\documents and settings\LocalService\IETldCache
    2009-12-05 21:58 . 2009-12-06 21:49 -------- d-----w- c:\program files\Common Files\Sonic Shared(2)
    2009-12-05 21:58 . 2009-12-06 21:49 -------- d-----w- c:\program files\Roxio(2)
    2009-12-05 21:47 . 2009-12-06 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion(2)
    2009-12-04 13:26 . 2009-12-06 21:51 -------- d-----w- c:\program files\iPod(2)
    2009-12-04 13:26 . 2009-12-06 21:51 -------- d-----w- c:\program files\iTunes(2)
    2009-12-04 13:26 . 2009-12-04 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-04 13:22 . 2009-12-06 21:52 -------- d-----w- c:\program files\QuickTime(2)
    2009-11-29 12:30 . 2009-11-29 12:30 151664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-11-27 19:52 . 2009-11-27 19:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
    2009-11-27 18:54 . 2004-03-29 23:23 90112 ----a-w- c:\windows\unvise32.exe
    2009-11-27 18:01 . 2009-11-27 18:01 29926 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    2009-11-27 18:01 . 2005-09-24 04:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
    2009-11-27 18:00 . 2009-11-27 18:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
    2009-11-27 18:00 . 2009-11-27 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\program files\Common Files\Yahoo!
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
    2009-11-27 16:43 . 2009-11-27 16:48 -------- d-----w- c:\documents and settings\All Users\Studio14Trial
    2009-11-27 14:19 . 2009-11-27 14:19 -------- d-----w- c:\program files\Pure Motion
    2009-11-27 14:19 . 2009-11-27 14:19 -------- d-----w- c:\program files\Sonic Foundry
    2009-11-27 14:19 . 2009-12-07 02:04 -------- d-----w- c:\program files\DebugMode
    2009-11-26 00:53 . 2009-11-26 00:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\jxjdhe
  • edited December 2009
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-23 12:58 . 2007-01-28 20:10 72784 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-19 19:37 . 2006-06-22 21:07 874240 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
    2009-12-19 19:37 . 2006-06-22 21:07 874240 ----a-w- c:\windows\system32\drivers\iaStor.svs
    2009-12-16 12:47 . 2006-11-11 00:34 -------- d-----w- c:\program files\Java
    2009-12-16 12:44 . 2009-11-21 05:01 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-14 02:41 . 2009-09-03 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-08 03:43 . 2009-11-17 01:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks
    2009-12-07 00:39 . 2008-01-14 04:46 -------- d-----w- c:\program files\Windows Live
    2009-12-06 21:55 . 2009-11-15 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2009-12-06 21:52 . 2009-03-06 02:40 -------- d-----w- c:\program files\Safari
    2009-12-06 21:51 . 2008-02-01 04:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-06 21:49 . 2009-10-17 17:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2009-12-04 13:40 . 2008-02-01 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2009-12-04 13:18 . 2008-02-01 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-03 22:14 . 2009-09-03 11:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 22:13 . 2009-09-03 11:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 02:05 . 2008-12-13 00:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
    2009-11-27 18:54 . 2009-03-03 04:20 -------- d-----w- c:\program files\Pinnacle
    2009-11-27 18:01 . 2009-03-03 04:20 -------- d-----w- c:\program files\Common Files\Pinnacle
    2009-11-27 17:59 . 2009-03-03 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2009-11-25 05:01 . 2007-12-16 15:53 -------- d-----w- c:\program files\McAfee
    2009-11-22 23:14 . 2009-03-03 05:43 -------- d-----w- c:\program files\FormatFactory
    2009-11-17 01:42 . 2009-11-17 01:42 143976 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\uninstall.exe
    2009-11-17 01:42 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071701000002.dll
    2009-11-16 01:48 . 2009-10-17 17:30 256 ----a-w- c:\windows\system32\pool.bin
    2009-11-15 22:52 . 2009-11-15 22:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
    2009-11-15 22:52 . 2009-11-15 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio
    2009-11-15 22:40 . 2009-11-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
    2009-11-15 22:34 . 2009-11-15 22:15 139535704 ----a-w- c:\documents and settings\Administrator\Application Data\Research In Motion\BlackBerry\SR_MM_English.exe
    2009-11-04 02:16 . 2009-11-04 02:16 26694 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{566247B6-72EC-4E5F-B9B4-2B20C753688D}\BlackBerry.exe
    2009-11-04 02:16 . 2009-05-01 11:26 -------- d-----w- c:\program files\Common Files\Research in Motion
    2009-10-30 22:46 . 2009-10-30 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-10-30 22:46 . 2009-10-30 22:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-10-29 07:45 . 2006-06-22 21:07 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2006-06-22 21:06 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2006-06-22 21:06 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-10-13 10:30 . 2006-06-22 21:06 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2006-06-22 21:06 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2006-06-22 21:06 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-11 10:17 . 2008-12-13 00:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2008-08-05 11:12 . 2008-08-05 11:12 206 ----a-w- c:\program files\Shortcut to CD Drive.lnk
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-09-04_04.07.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
    + 2007-11-07 04:51 . 2007-11-07 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
    + 2007-11-07 04:51 . 2007-11-07 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
    + 2006-12-02 06:46 . 2006-12-02 06:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2006-12-02 06:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2006-12-02 06:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    - 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-02 06:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    - 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2009-12-23 12:55 . 2009-12-23 12:55 16384 c:\windows\Temp\Perflib_Perfdata_c8.dat
    + 2007-03-06 02:53 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
    + 2006-06-22 21:07 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
    + 2007-03-26 07:00 . 2007-03-26 07:00 88824 c:\windows\system32\vxblock.dll
    + 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
    - 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
    + 2009-10-03 02:31 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
    + 2009-10-03 02:31 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
    + 2006-06-22 21:06 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
    - 2006-06-22 21:06 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
    + 2009-11-04 02:17 . 2009-01-09 21:18 27136 c:\windows\system32\ReinstallBackups\0032\DriverFiles\RimSerial.sys
    + 2009-11-02 01:29 . 2009-01-09 21:18 27136 c:\windows\system32\ReinstallBackups\0030\DriverFiles\RimSerial.sys
    + 2009-10-30 22:54 . 2009-01-09 21:18 27136 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RimSerial.sys
    + 2009-10-21 00:57 . 2009-01-09 21:18 27136 c:\windows\system32\ReinstallBackups\0028\DriverFiles\RimSerial.sys
    + 2009-10-17 17:21 . 2007-01-18 15:24 26496 c:\windows\system32\ReinstallBackups\0027\DriverFiles\RimSerial.sys
    + 2009-10-06 08:00 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\hidserv.dll
    + 2009-10-06 08:00 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0025\DriverFiles\i386\hidserv.dll
    + 2007-05-01 22:48 . 2007-05-01 22:48 64760 c:\windows\system32\pxinsa64.exe
    + 2007-05-01 22:48 . 2007-05-01 22:48 66296 c:\windows\system32\pxcpya64.exe
    + 2006-06-22 21:06 . 2009-12-10 09:25 72824 c:\windows\system32\perfc009.dat
    - 2006-06-22 21:06 . 2009-08-06 08:13 72824 c:\windows\system32\perfc009.dat
    + 2002-01-05 09:38 . 2002-01-05 09:38 54784 c:\windows\system32\msvci70.dll
    + 2006-06-22 21:06 . 2008-05-19 12:33 18944 c:\windows\system32\msisip.dll
    + 2006-06-22 21:06 . 2008-05-19 07:57 95744 c:\windows\system32\msiexec.exe
    + 2006-11-08 02:03 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
    - 2006-11-08 02:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
    + 2006-06-22 21:06 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
    - 2006-06-22 21:06 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
    + 2006-06-22 21:06 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
    + 2007-05-01 22:48 . 2007-05-01 22:48 68344 c:\windows\system32\drvins64.exe
    + 2008-05-20 23:33 . 2008-05-20 23:33 22784 c:\windows\system32\drivers\RimUsb.sys
    + 2009-05-01 11:34 . 2009-01-09 21:18 27136 c:\windows\system32\drivers\RimSerial.sys
    + 2007-05-01 09:00 . 2007-05-01 09:00 43528 c:\windows\system32\drivers\pxhelp20.sys
    + 2009-05-09 06:14 . 2009-05-09 06:14 14736 c:\windows\system32\drivers\nuidfltr.sys
    + 2007-12-16 15:54 . 2009-09-16 15:22 40552 c:\windows\system32\drivers\mfesmfk.sys
    + 2007-12-16 15:54 . 2009-09-16 15:22 34248 c:\windows\system32\drivers\mferkdk.sys
    + 2007-12-16 15:54 . 2009-09-16 15:22 35272 c:\windows\system32\drivers\mfebopk.sys
    + 2007-12-16 15:54 . 2009-09-16 15:22 79816 c:\windows\system32\drivers\mfeavfk.sys
    + 2006-06-22 21:06 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
    + 2009-10-06 08:00 . 2008-04-13 23:11 21504 c:\windows\system32\drivers\hidserv.dll
    - 2009-06-25 01:13 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-06-25 01:13 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
    + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
    + 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
    + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
    - 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
    + 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
    + 2008-05-19 12:33 . 2008-05-19 12:33 18944 c:\windows\system32\dllcache\msisip.dll
    + 2008-05-19 07:57 . 2008-05-19 07:57 95744 c:\windows\system32\dllcache\msiexec.exe
    - 2007-06-01 04:03 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-06-01 04:03 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
    + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
    - 2007-01-04 14:05 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2007-01-04 14:05 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
    + 2006-06-22 21:06 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
    + 2009-09-04 04:09 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
    + 2009-09-04 04:09 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
    + 2009-09-04 04:09 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
    + 2009-09-04 04:09 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
    + 2009-09-04 04:09 . 2008-04-14 00:12 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
    + 2009-09-04 04:09 . 2008-04-14 00:12 59904 c:\windows\system32\dllcache\cache\regsvc.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\cache\rasauto.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
    + 2009-09-04 04:09 . 2006-10-19 02:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
    + 2009-09-04 04:09 . 2008-04-14 00:11 22016 c:\windows\system32\dllcache\cache\lpk.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 19968 c:\windows\system32\dllcache\cache\linkinfo.dll
    + 2009-09-04 04:09 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
    + 2009-09-04 04:09 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
    + 2009-09-04 04:09 . 2008-04-14 00:11 56320 c:\windows\system32\dllcache\cache\eventlog.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
    + 2009-09-04 04:09 . 2008-04-14 00:11 62464 c:\windows\system32\dllcache\cache\cryptsvc.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\cache\browser.dll
    + 2009-09-04 04:09 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
    + 2009-09-04 04:09 . 2004-08-04 19:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
    + 2009-12-23 08:18 . 2009-12-19 17:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009122320091224\index.dat
    + 2009-12-22 08:49 . 2009-12-19 17:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009122220091223\index.dat
    + 2009-12-22 08:49 . 2009-12-19 17:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009121420091221\index.dat
    + 2009-12-14 16:42 . 2009-12-14 13:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009120720091214\index.dat
    + 2006-06-23 04:21 . 2009-12-23 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-06-23 04:21 . 2009-09-04 00:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-12-10 09:29 . 2009-12-10 09:29 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-12-13 19:07 . 2009-12-19 17:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2006-06-23 04:23 . 2009-12-06 21:55 72784 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    - 2006-06-23 04:21 . 2009-09-04 00:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2006-06-23 04:21 . 2009-12-23 12:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-12-14 23:25 . 2009-12-16 02:29 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
    + 2006-06-22 21:06 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
    + 2002-01-05 08:18 . 2002-01-05 08:18 84992 c:\windows\system32\atl70.dll
    + 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.Net\Framework\v1.1.4322\Updates\hotfix.exe
    + 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsn.dll
    - 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsn.dll
    + 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorie.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorie.dll
    + 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.Net\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.Net\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_wp.exe
    - 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_wp.exe
    + 2004-09-30 00:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.Net\Framework\v1.0.3705\ToGac.exe
    + 2004-10-07 23:36 . 2009-06-24 17:56 73728 c:\windows\Microsoft.Net\Framework\v1.0.3705\SetRegNI.exe
    - 2006-06-23 04:16 . 2007-01-02 21:29 86016 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorld.dll
    + 2006-06-23 04:16 . 2009-06-24 03:01 86016 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorld.dll
    + 2006-06-23 04:16 . 2009-06-24 03:01 73728 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorie.dll
    - 2006-06-23 04:16 . 2007-01-02 21:29 73728 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorie.dll
    - 2006-06-23 04:16 . 2008-04-13 16:10 32768 c:\windows\Microsoft.Net\Framework\v1.0.3705\aspnet_wp.exe
    + 2006-06-23 04:16 . 2009-06-24 03:12 32768 c:\windows\Microsoft.Net\Framework\v1.0.3705\aspnet_wp.exe
    - 2006-06-23 04:16 . 2008-04-13 16:10 32768 c:\windows\Microsoft.Net\Framework\v1.0.3705\aspnet_state.exe
    + 2006-06-23 04:16 . 2009-06-24 03:12 32768 c:\windows\Microsoft.Net\Framework\v1.0.3705\aspnet_state.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-17 17:21 . 2009-10-21 00:56 69632 c:\windows\Installer\{F8C04C5B-8876-424D-B428-23626373D2A0}\DesktopMgr.exe
    + 2009-11-25 09:01 . 2009-11-25 09:01 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
    + 2009-11-15 22:39 . 2009-11-15 22:39 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
    + 2009-11-15 22:39 . 2009-11-15 22:39 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
    + 2009-11-15 22:39 . 2009-11-15 22:39 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut24_8E832933A07340209FB8DBADC480B69B_1.exe
    + 2009-11-15 22:39 . 2009-11-15 22:39 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
    + 2009-11-15 22:39 . 2009-11-15 22:39 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\ARPPRODUCTICON.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 70952 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_ReadMe.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 50472 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_Help_HH.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 75048 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_ContentTransfer.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 54568 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_Check3D.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 46376 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_AMCap.exe
    + 2006-11-11 00:46 . 2009-10-17 08:08 57344 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
    - 2006-11-11 00:46 . 2008-11-13 09:06 57344 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-11-11 00:37 . 2009-09-02 11:31 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-06-20 04:39 . 2009-09-02 11:32 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-06-20 04:39 . 2009-12-10 09:06 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-06-20 04:39 . 2009-09-02 11:32 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-06-20 04:39 . 2009-12-10 09:06 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-06-12 05:50 . 2009-06-12 05:50 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-11-12 09:04 . 2009-11-12 09:04 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-11-15 22:40 . 2009-11-15 22:40 38400 c:\windows\Installer\{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}\RoxioCentral.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 49152 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 49152 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 49152 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-10-30 22:53 . 2009-11-02 01:28 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
    + 2009-12-10 09:04 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
    + 2009-01-05 21:44 . 2009-01-05 21:44 53248 c:\windows\bdoscandel.exe
    + 2009-12-16 23:41 . 2009-12-16 23:41 86016 c:\windows\BDOSCAN8\librtvr.dll
    + 2009-12-16 23:41 . 2009-12-16 23:41 27136 c:\windows\BDOSCAN8\avxt.dll
    + 2009-12-16 23:41 . 2009-12-16 23:41 10240 c:\windows\BDOSCAN8\avxs.dll
    + 2009-12-16 23:41 . 2009-12-16 23:41 45056 c:\windows\BDOSCAN8\avxdisk.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_33fcffde\System.Drawing.Design.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9378fb06\CustomMarshalers.dll
    + 2009-10-17 08:03 . 2009-10-17 08:03 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_7fcd62f8\System.Drawing.Design.dll
    + 2009-10-17 08:03 . 2009-10-17 08:03 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_e214abc4\CustomMarshalers.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\4f53aa031115b069a5c4d1079929fbd6\UIXControls.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
    + 2009-10-17 08:20 . 2009-10-17 08:20 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
    + 2009-10-17 08:19 . 2009-10-17 08:19 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
  • edited December 2009
    c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
    + 2009-10-17 08:23 . 2009-10-17 08:23 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-09-30 09:59 . 2009-09-30 09:59 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll
    + 2009-09-30 09:59 . 2009-09-30 09:59 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll
    + 2009-10-17 08:08 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
    + 2009-09-28 08:01 . 2008-04-14 00:12 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll
    + 2009-09-28 08:01 . 2009-02-03 19:59 56832 c:\windows\$NtUninstallKB968389$\secur32.dll
    + 2009-09-28 08:01 . 2008-04-13 18:31 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys
    + 2009-10-17 08:02 . 2007-12-17 12:00 66592 c:\windows\$NtUninstallKB953295$\togac.exe
    + 2009-10-17 08:02 . 2007-12-17 11:59 66592 c:\windows\$NtUninstallKB953295$\setregni.exe
    + 2009-10-17 08:02 . 2007-01-02 21:29 86016 c:\windows\$NtUninstallKB953295$\mscorld.dll
    + 2009-10-17 08:02 . 2007-01-02 21:29 73728 c:\windows\$NtUninstallKB953295$\mscorie.dll
    + 2009-10-17 08:02 . 2008-04-13 16:10 32768 c:\windows\$NtUninstallKB953295$\aspnet_wp.exe
    + 2009-10-17 08:02 . 2008-04-13 16:10 32768 c:\windows\$NtUninstallKB953295$\aspnet_state.exe
    + 2009-11-04 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976749-IE8\update\spcustom.dll
    + 2009-11-04 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976749-IE8\spmsg.dll
    + 2009-10-17 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
    + 2009-10-17 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
    + 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
    + 2009-10-23 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB974455-IE8\update\spcustom.dll
    + 2009-10-23 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB974455-IE8\spmsg.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 12800 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\xpshims.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 55296 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeedsbs.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 25600 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\jsproxy.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
    + 2009-10-17 08:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
    + 2009-10-17 08:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
    + 2009-09-09 08:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll
    + 2009-09-09 08:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll
    + 2009-10-17 08:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
    + 2009-10-17 08:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
    + 2009-11-12 09:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
    + 2009-11-12 09:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
    + 2009-10-17 08:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
    + 2009-10-17 08:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
    + 2009-09-28 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
    + 2009-09-28 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
    + 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
    + 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
    + 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
    + 2009-09-09 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
    + 2009-09-09 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2006-06-22 21:06 . 2008-04-17 07:43 2560 c:\windows\system32\msimsg.dll
    + 2007-02-02 10:00 . 2007-02-02 10:00 9464 c:\windows\system32\drivers\cdralw2k.sys
    + 2007-02-02 10:00 . 2007-02-02 10:00 9336 c:\windows\system32\drivers\cdr4_xp.sys
    + 2008-04-17 07:43 . 2008-04-17 07:43 2560 c:\windows\system32\dllcache\msimsg.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 5120 c:\windows\system32\dllcache\cache\sfc.dll
    + 2009-09-04 04:09 . 2004-08-04 19:00 2944 c:\windows\system32\dllcache\cache\null.sys
    + 2009-09-04 04:09 . 2004-08-04 19:00 4224 c:\windows\system32\dllcache\cache\beep.sys
    - 2006-06-23 04:16 . 2007-01-02 21:29 8192 c:\windows\Microsoft.Net\Framework\v1.0.3705\IEExec.exe
    + 2006-06-23 04:16 . 2009-06-29 16:57 8192 c:\windows\Microsoft.Net\Framework\v1.0.3705\IEExec.exe
    + 2009-11-15 22:39 . 2009-11-15 22:39 3638 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
    + 2006-11-11 00:46 . 2009-10-17 08:08 4096 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-11-11 00:46 . 2008-11-13 09:06 4096 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-06-20 04:39 . 2009-09-02 11:32 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-06-20 04:39 . 2009-12-10 09:06 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-10-17 17:23 . 2009-10-17 17:23 6318 c:\windows\Installer\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}\ICO_ARPProductIcon.exe
    + 2009-10-17 08:17 . 2009-10-17 08:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-10-17 08:02 . 2007-01-02 21:29 8192 c:\windows\$NtUninstallKB953295$\ieexec.exe
    - 2009-08-06 08:12 . 2009-08-06 08:12 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2006-12-02 04:54 . 2006-12-02 04:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2006-12-02 04:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    - 2006-12-02 04:54 . 2006-12-02 04:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-02 04:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    - 2006-12-02 04:54 . 2006-12-02 04:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-02 04:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
    + 2006-06-23 04:17 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
    + 2006-06-22 21:07 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
    + 2006-06-22 21:07 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
    + 2006-06-22 21:07 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
    - 2006-06-22 21:07 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
    + 2006-06-22 21:06 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
    + 2007-04-04 23:08 . 2007-04-04 23:08 158456 c:\windows\system32\pxwma.dll
    + 2007-04-04 23:08 . 2007-04-04 23:08 379640 c:\windows\system32\PxWave.dll
    + 2007-04-04 23:08 . 2007-04-04 23:08 187128 c:\windows\system32\PxMas.dll
    + 2007-05-01 22:48 . 2007-05-01 22:48 118520 c:\windows\system32\pxinsi64.exe
    + 2009-06-18 07:02 . 2009-06-18 07:02 559600 c:\windows\system32\pxdrv.dll
    + 2007-05-01 22:48 . 2007-05-01 22:48 120056 c:\windows\system32\pxcpyi64.exe
    + 2007-04-04 23:08 . 2007-04-04 23:08 551672 c:\windows\system32\Px.dll
    + 2006-06-22 21:06 . 2009-12-10 09:25 445472 c:\windows\system32\perfh009.dat
    - 2006-06-22 21:06 . 2009-08-06 08:13 445472 c:\windows\system32\perfh009.dat
    - 2007-04-25 08:41 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
    + 2007-04-25 08:41 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
    + 2008-01-14 16:41 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
    + 2008-01-14 16:41 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
    + 2002-01-05 09:37 . 2002-01-05 09:37 344064 c:\windows\system32\msvcr70.dll
    + 2002-01-05 09:40 . 2002-01-05 09:40 487424 c:\windows\system32\msvcp70.dll
    + 2006-06-22 21:06 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
    + 2006-06-22 21:06 . 2008-05-19 12:33 332800 c:\windows\system32\msihnd.dll
    + 2006-11-08 02:03 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
    - 2006-11-08 02:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
    + 2002-01-05 10:36 . 2002-01-05 10:36 964608 c:\windows\system32\mfc70u.dll
    + 2002-01-05 10:48 . 2002-01-05 10:48 974848 c:\windows\system32\mfc70.dll
    + 2006-06-22 21:06 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
    + 2006-06-22 21:06 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
    - 2006-06-22 21:06 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
    + 2006-06-22 21:06 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
    + 2009-12-16 12:47 . 2009-10-11 10:17 149280 c:\windows\system32\javaws.exe
    + 2009-12-16 12:47 . 2009-10-11 10:17 145184 c:\windows\system32\javaw.exe
    + 2009-12-16 12:47 . 2009-10-11 10:17 145184 c:\windows\system32\java.exe
    + 2006-06-22 21:06 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
    - 2006-06-22 21:06 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
    + 2007-04-25 08:41 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
    + 2006-06-22 21:06 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
    - 2006-06-22 21:06 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
    + 2006-06-22 21:13 . 2009-12-06 21:54 264616 c:\windows\system32\FNTCACHE.DAT
    + 2009-11-27 18:01 . 2006-12-04 15:36 203264 c:\windows\system32\DRVSTORE\PCLEBend_751CCE8DB684339E3B7C1F674E51E7966E991B50\bender.sys
    + 2009-11-27 18:01 . 2005-09-24 04:18 171520 c:\windows\system32\DRVSTORE\MarvinBus_D2243026170F338889EB365780A159A73F977997\MarvinBus.sys
    + 2007-12-16 15:53 . 2009-07-16 17:32 120136 c:\windows\system32\drivers\Mpfp.sys
    + 2007-12-16 15:54 . 2009-09-16 15:22 214664 c:\windows\system32\drivers\mfehidk.sys
    + 2006-06-23 04:17 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
    + 2006-06-23 04:17 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
    + 2006-06-23 04:17 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
    + 2006-06-22 21:07 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
    + 2007-01-04 14:05 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
    + 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2009-09-09 03:26 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
    + 2006-08-21 15:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
    - 2006-08-21 15:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
    + 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
    - 2006-10-17 17:04 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
    + 2006-10-17 17:04 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
    + 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
    + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2008-05-19 12:33 . 2008-05-19 12:33 332800 c:\windows\system32\dllcache\msihnd.dll
    - 2007-06-01 04:03 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-06-01 04:03 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-04-16 23:46 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
    + 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
    - 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
    - 2009-06-25 01:13 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-06-25 01:13 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2007-01-04 14:05 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2007-01-04 14:05 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2006-11-07 08:27 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 08:26 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
    - 2006-11-07 08:26 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
    + 2009-09-04 04:09 . 2008-04-14 00:12 129024 c:\windows\system32\dllcache\cache\xmlprov.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
    + 2009-09-04 04:09 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\cache\wininet.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 185856 c:\windows\system32\dllcache\cache\upnphost.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
    + 2009-09-04 04:09 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
    + 2009-09-04 04:09 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\cache\tapisrv.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\cache\srsvc.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\cache\shsvcs.dll
    + 2009-09-04 04:09 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
    + 2009-09-04 04:09 . 2008-04-14 00:12 192512 c:\windows\system32\dllcache\cache\schedsvc.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 181248 c:\windows\system32\dllcache\cache\scecli.dll
    + 2009-09-04 04:09 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 409088 c:\windows\system32\dllcache\cache\qmgr.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
    + 2009-09-04 04:09 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
    + 2009-09-04 04:09 . 2008-04-14 00:12 198144 c:\windows\system32\dllcache\cache\netman.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 407040 c:\windows\system32\dllcache\cache\netlogon.dll
    + 2009-09-04 04:09 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
    + 2009-09-04 04:09 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\cache\mswsock.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
    + 2009-09-04 04:09 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
    + 2009-09-04 04:09 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\cache\es.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll
    + 2009-09-04 04:09 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
    + 2009-09-04 04:09 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\cache\aec.sys
    - 2009-06-25 11:29 . 2009-06-25 11:29 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-06-25 11:29 . 2009-12-19 17:56 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2007-09-04 18:04 . 2007-09-04 18:04 113136 c:\windows\system32\cdrtc.dll
    + 2007-09-04 18:04 . 2007-09-04 18:04 100848 c:\windows\system32\cdral.dll
    + 2009-08-30 15:58 . 2009-06-30 02:37 507904 c:\windows\system32\btwapi.dll
    + 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordacwks.dll
    + 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorld.dll
    - 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorld.dll
    + 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorjit.dll
    - 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorjit.dll
    + 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_isapi.dll
    - 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_isapi.dll
    + 2006-06-23 04:16 . 2009-06-24 02:59 303104 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorjit.dll
    - 2006-06-23 04:16 . 2004-07-20 08:54 303104 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorjit.dll
    + 2006-06-23 04:16 . 2009-06-24 03:12 200704 c:\windows\Microsoft.Net\Framework\v1.0.3705\aspnet_isapi.dll
    - 2006-06-23 04:16 . 2008-04-13 16:09 200704 c:\windows\Microsoft.Net\Framework\v1.0.3705\aspnet_isapi.dll
    + 2009-11-25 09:01 . 2009-11-25 09:01 429568 c:\windows\Installer\dbd6c7.msi
    + 2009-03-13 22:08 . 2009-03-13 22:08 585728 c:\windows\Installer\BBMediaSyncUninstall.exe
    + 2009-10-17 17:23 . 2009-10-17 17:23 974848 c:\windows\Installer\1de62f9.msi
    + 2009-09-09 21:40 . 2009-09-09 21:40 632320 c:\windows\Installer\10c488fa.msp
    + 2009-03-06 04:10 . 2009-12-06 22:08 102400 c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe
    - 2009-03-06 04:10 . 2009-03-06 04:10 102400 c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 234792 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\Studio.exe
    + 2009-11-27 17:59 . 2009-11-27 17:59 439592 c:\windows\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_GuidedTour.exe
    + 2006-11-11 00:46 . 2009-10-17 08:08 135168 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-11-11 00:46 . 2008-11-13 09:06 135168 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-11-11 00:37 . 2009-09-02 11:31 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2006-11-11 00:37 . 2009-09-02 11:30 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2006-11-11 00:37 . 2009-12-19 09:01 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-06-20 04:39 . 2009-12-10 09:06 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-06-20 04:39 . 2009-09-02 11:32 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-06-20 04:39 . 2009-12-10 09:06 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
    - 2007-06-20 04:39 . 2009-09-02 11:32 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
    + 2009-11-27 18:54 . 2009-11-27 18:54 234792 c:\windows\Installer\{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}\ARPPRODUCTICON.exe
    + 2007-04-19 18:53 . 2007-04-19 18:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
    + 2007-05-10 19:35 . 2007-05-10 19:35 120160 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
    + 2006-10-27 01:49 . 2006-10-27 01:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
    + 2009-11-04 09:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
    + 2009-11-04 09:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
    + 2009-12-10 09:04 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
    + 2009-12-10 09:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
    + 2009-12-10 09:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
    + 2009-12-10 09:04 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
    + 2009-12-10 09:04 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
    + 2009-10-23 08:01 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
    + 2009-10-23 08:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
    + 2009-10-23 08:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
    + 2009-10-23 08:01 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
    + 2009-10-23 08:01 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
    + 2009-09-09 08:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2009-09-09 08:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2009-09-09 08:00 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
    + 2008-10-24 15:14 . 2008-10-24 15:14 488736 c:\windows\Downloaded Program Files\isusweb.dll
    + 2009-01-05 21:44 . 2009-01-05 21:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
    + 2009-08-04 20:06 . 2009-08-04 20:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
    + 2009-01-05 21:44 . 2009-12-16 23:41 142848 c:\windows\BDOSCAN8\libfn.dll
    + 2009-01-05 21:44 . 2009-01-05 21:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
    + 2009-01-05 21:44 . 2009-12-19 01:00 107800 c:\windows\BDOSCAN8\bdcore.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9937a6b3\System.Drawing.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d19ddafa\System.Drawing.Design.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_047e6c67\CustomMarshalers.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
    + 2009-10-17 08:22 . 2009-10-17 08:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
    + 2009-10-17 08:23 . 2009-10-17 08:23 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
    + 2009-10-17 08:23 . 2009-10-17 08:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
    + 2009-10-17 08:24 . 2009-10-17 08:24 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
    + 2009-10-17 08:21 . 2009-10-17 08:21 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
    + 2009-10-17 08:24 . 2009-10-17 08:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
  • edited December 2009
    c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-08-06 08:12 . 2009-08-06 08:13 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-09-30 09:59 . 2009-09-30 09:59 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll
    + 2009-10-17 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
    + 2009-10-17 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
    + 2009-10-17 08:01 . 2009-06-25 08:25 136192 c:\windows\$NtUninstallKB975467$\msv1_0.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
    + 2009-10-17 08:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
    + 2009-10-17 08:08 . 2008-10-03 10:02 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
    + 2009-10-17 08:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
    + 2009-10-17 08:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
    + 2009-10-17 08:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
    + 2009-10-17 08:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
    + 2009-11-12 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
    + 2009-11-12 09:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
    + 2009-10-17 08:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
    + 2009-10-17 08:09 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
    + 2009-09-09 08:02 . 2007-07-27 15:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
    + 2009-09-09 08:02 . 2007-07-27 15:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
    + 2009-09-28 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
    + 2009-09-28 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
    + 2009-09-28 08:01 . 2008-12-05 06:54 144896 c:\windows\$NtUninstallKB968389$\schannel.dll
    + 2009-09-28 08:01 . 2008-04-14 00:12 132608 c:\windows\$NtUninstallKB968389$\msv1_0.dll
    + 2009-09-28 08:01 . 2009-02-09 12:10 729088 c:\windows\$NtUninstallKB968389$\lsasrv.dll
    + 2009-09-28 08:01 . 2008-04-14 00:11 299520 c:\windows\$NtUninstallKB968389$\kerberos.dll
    + 2009-10-17 08:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
    + 2009-10-17 08:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
    + 2009-09-09 08:01 . 2008-04-14 00:12 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
    + 2009-09-09 08:01 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
    + 2009-09-09 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
    + 2009-10-17 08:08 . 2006-10-19 02:47 603648 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
    + 2009-10-17 08:08 . 2007-07-27 15:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
    + 2009-10-17 08:08 . 2007-07-27 15:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
    + 2009-10-17 08:02 . 2009-04-13 18:42 371424 c:\windows\$NtUninstallKB953295$\spuninst\updspapi.dll
    + 2009-10-17 08:02 . 2009-04-13 18:42 213216 c:\windows\$NtUninstallKB953295$\spuninst\spuninst.exe
    + 2009-10-17 08:02 . 2004-07-20 08:54 303104 c:\windows\$NtUninstallKB953295$\mscorjit.dll
    + 2009-10-17 08:02 . 2008-04-13 16:09 200704 c:\windows\$NtUninstallKB953295$\aspnet_isapi.dll
    + 2009-11-04 09:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976749-IE8\update\updspapi.dll
    + 2009-11-04 09:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976749-IE8\update\update.exe
    + 2009-11-04 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976749-IE8\spuninst.exe
    + 2009-10-17 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
    + 2009-10-17 08:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
    + 2009-10-17 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
    + 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
    + 2009-10-17 08:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
    + 2009-10-17 08:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
    + 2009-10-17 08:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
    + 2009-10-23 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE8\update\updspapi.dll
    + 2009-10-23 08:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB974455-IE8\update\update.exe
    + 2009-10-23 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB974455-IE8\spuninst.exe
    + 2009-10-22 09:31 . 2009-08-29 08:01 916480 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 206848 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\occache.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 594432 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeeds.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 246272 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ieproxy.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 184320 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iepeers.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 387584 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iedkcs32.dll
    + 2009-10-22 09:31 . 2009-08-28 10:07 173056 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ie4uinit.exe
    + 2009-10-17 08:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
    + 2009-10-17 08:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
    + 2009-10-17 08:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
    + 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
    + 2009-10-17 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
    + 2009-10-17 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
    + 2009-10-17 08:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
    + 2009-09-09 08:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll
    + 2009-09-09 08:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe
    + 2009-09-09 08:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe
    + 2009-09-09 03:25 . 2009-06-22 06:47 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll
    + 2009-10-17 08:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
    + 2009-10-17 08:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
    + 2009-10-17 08:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
    + 2009-11-12 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
    + 2009-11-12 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
    + 2009-11-12 09:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
    + 2009-10-17 08:09 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
    + 2009-10-17 08:09 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
    + 2009-10-17 08:09 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
    + 2009-09-28 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
    + 2009-09-28 08:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe
    + 2009-09-28 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe
    + 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
    + 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
    + 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
    + 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
    + 2009-09-09 08:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
    + 2009-09-09 08:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
    + 2009-09-09 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
    + 2009-09-09 03:26 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
    + 2009-10-16 14:40 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
    + 2007-11-07 07:19 . 2007-11-07 07:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
    + 2006-12-02 06:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    - 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-02 06:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    - 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
    + 2006-06-23 04:17 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
    + 2006-06-22 21:07 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll
    - 2006-06-22 21:07 . 2008-06-18 11:03 2458112 c:\windows\system32\WMVCore.dll
    + 2006-06-22 21:07 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
    + 2009-05-09 06:14 . 2009-05-09 06:14 1418120 c:\windows\system32\wdfcoinstaller01005.dll
    - 2006-06-22 21:06 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
    + 2006-06-22 21:06 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
    + 2007-09-09 19:57 . 2009-12-06 21:53 5149284 c:\windows\system32\Restore\rstrlog.dat
    + 2006-06-22 21:06 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
    - 2006-06-22 21:06 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
    + 2006-06-22 21:06 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
    - 2006-06-22 21:06 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
    - 2004-08-04 05:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
    + 2004-08-04 05:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
    + 2008-08-30 02:06 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
    + 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
    + 2006-06-22 21:06 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
    + 2006-06-22 21:06 . 2008-05-19 12:33 4445184 c:\windows\system32\msi.dll
    + 2006-06-22 21:06 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
    - 2006-10-17 16:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
    + 2006-10-17 16:57 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
    + 2009-08-05 00:52 . 2009-08-05 00:52 1193832 c:\windows\system32\FM20.DLL
    + 2006-06-23 04:17 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
    - 2006-06-22 21:07 . 2008-06-18 11:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
    + 2006-06-22 21:07 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
    + 2008-10-15 08:46 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
    + 2007-01-25 12:24 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
    - 2007-01-25 12:24 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
    + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
    + 2008-10-15 08:46 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2008-10-15 08:46 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-15 08:46 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2008-10-15 08:46 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-15 08:46 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-10-15 08:46 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-10-15 08:46 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-08-22 19:37 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
    + 2006-09-13 05:01 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
    + 2008-05-19 12:33 . 2008-05-19 12:33 4445184 c:\windows\system32\dllcache\msi.dll
    + 2007-01-04 14:05 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
    + 2007-06-01 04:03 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
    - 2007-06-01 04:03 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
    + 2009-09-04 04:09 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
    + 2009-09-04 04:09 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
    + 2009-09-04 04:09 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\cache\mshtml.dll
    + 2009-09-04 04:09 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
    + 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorwks.dll
    + 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorlib.dll
    - 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorlib.dll
    + 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.Web.dll
    - 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.Web.dll
    - 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.dll
    + 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.dll
    + 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorwks.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorwks.dll
    + 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsvr.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsvr.dll
    + 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorlib.dll
    - 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorlib.dll
    - 2006-06-23 04:16 . 2007-01-02 21:40 1200128 c:\windows\Microsoft.Net\Framework\v1.0.3705\System.Web.dll
    + 2006-06-23 04:16 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.Net\Framework\v1.0.3705\System.Web.dll
    - 2006-06-23 04:16 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorwks.dll
    + 2006-06-23 04:16 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorwks.dll
    + 2006-06-23 04:16 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorsvr.dll
    - 2006-06-23 04:16 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorsvr.dll
    + 2006-06-23 04:16 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorlib.dll
    - 2006-06-23 04:16 . 2007-01-02 21:21 1998848 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscorlib.dll
    + 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\6e62073.msp
    + 2009-10-22 18:46 . 2009-10-22 18:46 6821888 c:\windows\Installer\6bcdd1e.msp
    + 2009-08-18 18:58 . 2009-08-18 18:58 8301056 c:\windows\Installer\6bcdd0c.msp
    + 2009-10-07 00:40 . 2009-10-07 00:40 7681024 c:\windows\Installer\6bcdd03.msp
    + 2009-10-22 18:28 . 2009-10-22 18:28 5521408 c:\windows\Installer\6bcdcf1.msp
    + 2009-11-27 18:01 . 2009-11-27 18:01 8116736 c:\windows\Installer\533b6.msi
    + 2009-08-21 15:14 . 2009-08-21 15:14 8363008 c:\windows\Installer\1cf3a99a.msp
    + 2009-08-20 10:02 . 2009-08-20 10:02 5204992 c:\windows\Installer\1cf3a978.msp
    + 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\1cf3a966.msp
    + 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\1cf3a94b.msp
    + 2009-09-21 21:53 . 2009-09-21 21:53 5518848 c:\windows\Installer\1cf3a922.msp
    + 2009-11-15 22:40 . 2009-11-15 22:40 1135616 c:\windows\Installer\11860442.msi
    + 2009-11-20 21:00 . 2009-11-20 21:00 5521408 c:\windows\Installer\10c48917.msp
    + 2009-12-17 04:58 . 2009-12-17 04:58 5382144 c:\windows\Installer\10140c2.msp
    + 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\FM20.DLL
    + 2009-02-05 16:36 . 2009-02-05 16:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OGL.DLL
    + 2009-11-04 09:00 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
    + 2009-12-10 09:04 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
    + 2009-12-10 09:04 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
    + 2009-10-23 08:01 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
    + 2009-10-23 08:01 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
    + 2008-10-15 08:46 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
    - 2008-10-15 08:46 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-15 08:46 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-10-15 08:46 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-15 08:46 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-15 08:46 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2008-10-15 08:46 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-10-17 08:07 . 2009-10-17 08:07 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a2817e01\System.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_858eaa0c\System.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e0cc1b4d\System.Xml.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b9d25e6d\System.Xml.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_989c8875\System.Windows.Forms.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_91a2941e\System.Windows.Forms.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_43ad3103\System.Drawing.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_abb66640\System.Design.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9f8c25d1\System.Design.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aba61fa4\mscorlib.dll
    + 2009-10-17 08:07 . 2009-10-17 08:07 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_505c7a96\mscorlib.dll
    + 2009-10-17 08:03 . 2009-10-17 08:03 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_87320352\System.Xml.dll
    + 2009-10-17 08:03 . 2009-10-17 08:03 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_a5eaac3d\System.Design.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 2710016 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\1ee77cca907c692e0c0cd442d1a1d2bd\ZuneShell.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 1465856 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\206041ddd316feb6f0dd8f14f6d82edc\ZuneDBApi.ni.dll
    + 2009-10-17 08:19 . 2009-10-17 08:19 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 5114368 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\46b9fa3126c5342d6a176c59e9ad715f\UIX.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 2041856 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\b86ff5174dc0cd0b58922369f292992e\UIX.RenderApi.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
    + 2009-10-17 08:19 . 2009-10-17 08:19 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
    + 2009-10-17 08:23 . 2009-10-17 08:24 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
    + 2009-10-17 08:23 . 2009-10-17 08:23 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
    + 2009-10-17 08:27 . 2009-10-17 08:27 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
    + 2009-10-17 08:25 . 2009-10-17 08:25 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
    + 2009-10-17 08:19 . 2009-10-17 08:19 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-10-17 08:16 . 2009-10-17 08:16 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-08-06 08:12 . 2009-08-06 08:12 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2009-10-17 08:17 . 2009-10-17 08:17 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2009-08-06 08:13 . 2009-08-06 08:13 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2007-07-12 17:48 . 2007-07-12 17:48 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2009-10-17 08:06 . 2009-10-17 08:06 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-07-12 17:48 . 2007-07-12 17:48 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-10-17 08:03 . 2009-10-17 08:03 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-02-11 14:36 . 2009-02-11 14:36 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-10-17 08:05 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
    + 2009-10-17 08:05 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
    + 2009-10-17 08:05 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
    + 2009-10-17 08:05 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
    + 2009-11-12 09:01 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
    + 2009-10-17 08:09 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
    + 2009-09-09 08:02 . 2008-06-18 11:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
    + 2009-10-17 08:02 . 2007-01-02 21:40 1200128 c:\windows\$NtUninstallKB953295$\system.web.dll
    + 2009-10-17 08:02 . 2007-12-17 11:59 2281472 c:\windows\$NtUninstallKB953295$\mscorwks.dll
    + 2009-10-17 08:02 . 2007-12-17 11:58 2273280 c:\windows\$NtUninstallKB953295$\mscorsvr.dll
    + 2009-10-17 08:02 . 2007-01-02 21:21 1998848 c:\windows\$NtUninstallKB953295$\mscorlib.dll
    + 2009-11-04 05:16 . 2009-10-22 09:18 5943296 c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 1209344 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\urlmon.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 5942272 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
    + 2009-10-22 09:31 . 2009-08-29 08:01 1986048 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iertutil.dll
    + 2009-10-16 14:36 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    + 2009-10-16 14:36 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
    + 2009-08-04 23:47 . 2009-08-04 23:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
    + 2009-10-16 14:36 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
    + 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
    + 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
    + 2007-03-06 03:25 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
    + 2006-11-08 02:03 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
    + 2007-06-01 04:03 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
    + 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.Net\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
    + 2009-04-04 12:35 . 2009-04-04 12:35 38325760 c:\windows\Installer\d7dac24.msp
    + 2009-11-04 02:16 . 2009-11-04 02:16 14316032 c:\windows\Installer\d18be63.msi
    + 2009-09-09 08:01 . 2009-09-09 08:01 15709696 c:\windows\Installer\6e62062.msp
    + 2009-11-27 17:59 . 2009-11-27 17:59 26497024 c:\windows\Installer\533ae.msi
    + 2009-11-27 18:54 . 2009-11-27 18:54 11393024 c:\windows\Installer\43782b.msi
    + 2009-10-30 22:52 . 2009-10-30 22:53 17000448 c:\windows\Installer\1fc894f3.msi
    + 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\1cf3a9a4.msp
    + 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\1cf3a93a.msp
    + 2009-11-15 22:39 . 2009-11-15 22:39 20369920 c:\windows\Installer\11860441.msi
    + 2009-12-10 09:04 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
    + 2009-10-23 08:01 . 2009-07-19 23:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
    + 2009-10-17 08:26 . 2009-10-17 08:26 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
    + 2009-10-17 08:24 . 2009-10-17 08:24 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
    + 2009-10-17 08:22 . 2009-10-17 08:22 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
    + 2009-10-17 08:21 . 2009-10-17 08:21 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
    + 2009-10-17 08:20 . 2009-10-17 08:20 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
    + 2009-10-17 08:19 . 2009-10-17 08:19 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
    + 2009-08-29 18:31 . 2009-08-29 18:31 11069952 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ieframe.dll
  • edited December 2009
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
    "Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-26 68296]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-14 577536]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SmartSoft PDF Printer (demo) Agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 94208]
    "SmartSoft PDF Printer (demo) virtual printer agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 94208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-04-08 75008]
    "RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-03-07 316672]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "USBToolTip"="c:\progra~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-1-20 507965]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-1-5 169472]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2001-11-02 16:50 24636 ----a-w- c:\windows\system32\PCANotify.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 17:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/6/2009 6:58 PM 28552]
    R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [11/10/2006 6:27 PM 18816]
    R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [11/10/2006 6:27 PM 9600]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [9/4/2007 8:43 AM 20608]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [5/14/2007 10:26 AM 508288]
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.geoffreymason.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ya6i8z1o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

    **************************************************************************
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files:
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-2728128172-4184247038-823016758-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2a,84,6b,a9,a0,67,47,bc,25,78,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2a,84,6b,a9,a0,67,47,bc,25,78,\
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(920)
    c:\windows\system32\awgina.dll
    - - - - - - - > 'explorer.exe'(4416)
    c:\windows\system32\WININET.dll
    c:\program files\windows journal\nbmaptip.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-12-23 07:11:45
    ComboFix-quarantined-files.txt 2009-12-23 13:11
    ComboFix2.txt 2009-09-04 04:11
    Pre-Run: 5,234,651,136 bytes free
    Post-Run: 5,845,331,968 bytes free
    - - End Of File - - F7CB6D1AE7F94C9AC38E0EAE10DBA871
  • edited December 2009
    Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

    It's IMPORTANT to carry out the instructions in the sequence listed below.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Open *notepad* and copy/paste the text in the quotebox below into it:
    Folder::
    c:\documents and settings\Administrator\Local Settings\Application Data\jxjdhe
    

    Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


    CFScript.gif

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


    When finished, it shall produce a log for you at C:\ComboFix.txt

    Please copy and paste the ComboFix.txt in your new reply.

    *Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
  • edited December 2009
    Here is my ComboFix log.

    ComboFix 09-12-22.09 - Administrator 12/23/2009 10:23:52.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.337 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\jxjdhe
    .
    ((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
    .
    2009-12-21 01:40 . 2009-12-21 01:40 0 ----a-w- c:\documents and settings\Administrator\settings.dat
    2009-12-21 01:40 . 2009-12-21 01:40 464491 ----a-w- C:\RootRepeal.zip
    2009-12-16 23:41 . 2009-12-20 04:25 d-----w- c:\windows\BDOSCAN8
    2009-12-16 12:44 . 2009-12-16 12:44 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-07 00:58 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-12-07 00:58 . 2009-12-07 00:58 d-----w- c:\program files\Panda Security
    2009-12-06 21:52 . 2009-12-06 21:52 d-----w- c:\windows\system32\wbem\Repository
    2009-12-06 21:52 . 2009-12-07 00:38 d-----w- c:\program files\QuickTime
    2009-12-06 21:51 . 2009-12-06 22:08 d-----w- c:\program files\iPod
    2009-12-06 21:51 . 2009-12-06 22:08 d-----w- c:\program files\iTunes
    2009-12-06 21:51 . 2009-12-06 21:51 d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-12-06 21:51 . 2009-12-06 21:51 d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2009-12-06 21:50 . 2009-12-06 21:50 d-----w- c:\program files\Roxio
    2009-12-06 21:50 . 2009-12-06 21:50 d-----w- c:\program files\Common Files\Sonic Shared
    2009-12-05 22:34 . 2009-12-05 22:34 d-----w- c:\documents and settings\LocalService\IETldCache
    2009-12-05 21:58 . 2009-12-06 21:49 d-----w- c:\program files\Common Files\Sonic Shared(2)
    2009-12-05 21:58 . 2009-12-06 21:49 d-----w- c:\program files\Roxio(2)
    2009-12-05 21:47 . 2009-12-06 21:51 d-----w- c:\documents and settings\All Users\Application Data\Research In Motion(2)
    2009-12-04 13:26 . 2009-12-06 21:51 d-----w- c:\program files\iPod(2)
    2009-12-04 13:26 . 2009-12-06 21:51 d-----w- c:\program files\iTunes(2)
    2009-12-04 13:26 . 2009-12-04 13:27 d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-04 13:22 . 2009-12-06 21:52 d-----w- c:\program files\QuickTime(2)
    2009-11-29 12:30 . 2009-11-29 12:30 151664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-11-27 19:52 . 2009-11-27 19:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
    2009-11-27 18:54 . 2004-03-29 23:23 90112 ----a-w- c:\windows\unvise32.exe
    2009-11-27 18:01 . 2009-11-27 18:01 29926 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    2009-11-27 18:01 . 2005-09-24 04:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
    2009-11-27 18:00 . 2009-11-27 18:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
    2009-11-27 18:00 . 2009-11-27 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\program files\Common Files\Yahoo!
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
    2009-11-27 17:52 . 2009-11-27 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
    2009-11-27 16:43 . 2009-11-27 16:48 -------- d-----w- c:\documents and settings\All Users\Studio14Trial
    2009-11-27 14:19 . 2009-11-27 14:19 -------- d-----w- c:\program files\Pure Motion
    2009-11-27 14:19 . 2009-11-27 14:19 -------- d-----w- c:\program files\Sonic Foundry
    2009-11-27 14:19 . 2009-12-07 02:04 -------- d-----w- c:\program files\DebugMode
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-23 12:58 . 2007-01-28 20:10 72784 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-19 19:37 . 2006-06-22 21:07 874240 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
    2009-12-19 19:37 . 2006-06-22 21:07 874240 ----a-w- c:\windows\system32\drivers\iaStor.svs
    2009-12-16 12:47 . 2006-11-11 00:34 -------- d-----w- c:\program files\Java
    2009-12-16 12:44 . 2009-11-21 05:01 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-14 02:41 . 2009-09-03 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-08 03:43 . 2009-11-17 01:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks
    2009-12-07 00:39 . 2008-01-14 04:46 -------- d-----w- c:\program files\Windows Live
    2009-12-06 21:55 . 2009-11-15 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2009-12-06 21:52 . 2009-03-06 02:40 -------- d-----w- c:\program files\Safari
    2009-12-06 21:51 . 2008-02-01 04:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-06 21:49 . 2009-10-17 17:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2009-12-04 13:40 . 2008-02-01 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2009-12-04 13:18 . 2008-02-01 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-03 22:14 . 2009-09-03 11:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 22:13 . 2009-09-03 11:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 02:05 . 2008-12-13 00:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
    2009-11-27 18:54 . 2009-03-03 04:20 -------- d-----w- c:\program files\Pinnacle
    2009-11-27 18:01 . 2009-03-03 04:20 -------- d-----w- c:\program files\Common Files\Pinnacle
    2009-11-27 17:59 . 2009-03-03 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2009-11-25 05:01 . 2007-12-16 15:53 -------- d-----w- c:\program files\McAfee
    2009-11-22 23:14 . 2009-03-03 05:43 -------- d-----w- c:\program files\FormatFactory
    2009-11-17 01:42 . 2009-11-17 01:42 143976 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\uninstall.exe
    2009-11-17 01:42 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071701000002.dll
    2009-11-16 01:48 . 2009-10-17 17:30 256 ----a-w- c:\windows\system32\pool.bin
    2009-11-15 22:52 . 2009-11-15 22:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
    2009-11-15 22:52 . 2009-11-15 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio
    2009-11-15 22:40 . 2009-11-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
    2009-11-15 22:34 . 2009-11-15 22:15 139535704 ----a-w- c:\documents and settings\Administrator\Application Data\Research In Motion\BlackBerry\SR_MM_English.exe
    2009-11-04 02:16 . 2009-11-04 02:16 26694 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{566247B6-72EC-4E5F-B9B4-2B20C753688D}\BlackBerry.exe
    2009-11-04 02:16 . 2009-05-01 11:26 -------- d-----w- c:\program files\Common Files\Research in Motion
    2009-10-30 22:46 . 2009-10-30 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-10-30 22:46 . 2009-10-30 22:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-10-29 07:45 . 2006-06-22 21:07 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2006-06-22 21:06 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2006-06-22 21:06 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-10-13 10:30 . 2006-06-22 21:06 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2006-06-22 21:06 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2006-06-22 21:06 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-11 10:17 . 2008-12-13 00:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2008-08-05 11:12 . 2008-08-05 11:12 206 ----a-w- c:\program files\Shortcut to CD Drive.lnk
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
    "Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-26 68296]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-14 577536]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SmartSoft PDF Printer (demo) Agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 94208]
    "SmartSoft PDF Printer (demo) virtual printer agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 94208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-04-08 75008]
    "RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-03-07 316672]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "USBToolTip"="c:\progra~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-1-20 507965]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-1-5 169472]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2001-11-02 16:50 24636 ----a-w- c:\windows\system32\PCANotify.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 17:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/6/2009 6:58 PM 28552]
    R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [11/10/2006 6:27 PM 18816]
    R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [11/10/2006 6:27 PM 9600]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [9/4/2007 8:43 AM 20608]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [5/14/2007 10:26 AM 508288]
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.geoffreymason.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ya6i8z1o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-23 10:29
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-2728128172-4184247038-823016758-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2a,84,6b,a9,a0,67,47,bc,25,78,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2a,84,6b,a9,a0,67,47,bc,25,78,\
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(920)
    c:\windows\system32\awgina.dll
    - - - - - - - > 'explorer.exe'(5544)
    c:\windows\system32\WININET.dll
    c:\program files\windows journal\nbmaptip.dll
    c:\windows\system32\ieframe.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-12-23 10:32:18
    ComboFix-quarantined-files.txt 2009-12-23 16:31
    ComboFix2.txt 2009-12-23 13:11
    ComboFix3.txt 2009-09-04 04:11
    Pre-Run: 5,856,354,304 bytes free
    Post-Run: 5,834,219,520 bytes free
    - - End Of File - - 316CE14767FC6E6D1FE3309DD13313F7
  • edited December 2009
    OK....let's have you go HERE to run Panda ActiveScan 2.0
    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply.


    Also let me know how your PC is running now.
  • edited December 2009
    The PC is running better now, I haven't experienced any random redirects. I did have to run ActiveScan in Safe Mode because it was automatically rebooting in the middle of the scan. Once I ran it in Safe Mode it completed. Here is the ActiveScan log.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-12-25 19:35:03
    PROTECTIONS: 1
    MALWARE: 22
    SUSPECTS: 11
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@trafficmp[2].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@trafficmp[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@casalemedia[3].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@casalemedia[2].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[7].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[3].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[5].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[4].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@doubleclick[6].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[4].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[3].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ca2aakms.txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[9].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[8].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[11].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@caxdd4q0.txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[7].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[6].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[5].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@atdmt[10].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@247realmedia[4].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@247realmedia[3].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@247realmedia[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@247realmedia[5].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@247realmedia[6].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@fastclick[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@fastclick[3].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@fastclick[4].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@fastclick[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[3].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[4].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[5].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[8].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[7].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@mediaplex[6].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@7search[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@azjmp[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[7].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[3].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[8].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[9].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[4].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[6].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[10].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[11].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[5].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[9].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[8].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[7].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[6].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[5].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[10].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[4].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@serving-sys[6].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@serving-sys[3].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@serving-sys[5].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@serving-sys[4].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@bs.serving-sys[3].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\documents and settings\administrator\local settings\temporary internet files\content.ie5\2irfq9ms\load[1].exe
    No c:\program files\support.com\uninstall\chsi_uninstaller.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100525.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100555.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100677.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100738.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100759.exe[32788r22fwjfw\pev.exe]
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100807.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp724\a0100883.exe
    No c:\system volume information\_restore{8bc79291-e322-403f-8e40-1fbd3fca0ebd}\rp726\a0101444.exe[32788r22fwjfw\pev.exe]
    No c:\windows\pev.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • edited December 2009
    Download and run TFC by Oldtimer (http://oldtimer.geekstogo.com/TFC.exe)
    Then start the cleaning process.
    Note: Your computer may need to restart.

    ==============

    Next, let's uninstall ComboFix.
    Go to Start > Run
    Type in the box:

    combofix /uninstall

    Note: the space between the X and the /uninstall

    Press Enter.

    This command will:

    Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\Deckard folder, if present
    The C:\_OtMoveIt folder, if present

    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.