Google redirect and tdsskiller won't run

Solved
By kf4wto
Jan 7, 2011
  1. I have the Exact issue as http://www.techspot.com/vb/topic159112.html

    I have two iexplore.exe processes running, which is not normal since I don't use iexplore.exe. After trying to remove them, they came back immediately. I even went as far as removing Internet Explorer to see if that did the trick. Each time the iexplore.exe executable was copied back into the folder and the processes ran again. Looking at the process in detail, it looks like it refers to www.clickleg.org and a few others.

    TDSSKiller doesn't start even when I attempt to rename it. I was able to run HijackThis, dds, and a few others to generate logs but I haven't found anything that sticks out. Judging by the previous topic, Combofix fixed the problem but did not for me. Over the past couple of days I ran Malwarebytes (which did find lots of issues and corrected them), Combofix, CCleaner, ATFCleaner, exctrlst. None of these fixed the problem. I noticed in History (without opening a website) it comes up with clickleg.org, clickmultimedia, searchtart, search.us.bookmarks.com and cpcadnet. These show up in the today history seconds after I delete them. The two iexplore.exe running in task manager are doing it somehow. Thank you for any assistance you can provide.

    Added note: I have also turned off system restore and uninstalled AVG for purposes of fixing this issue.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help with the problem, but first have to get you away from a bad start.

    Turn your antivirus back on. Do not disable it unless a scan tells you specifically to do so. You leave the system vulnerable with no AV running.

    1. Turning System Restore off was a mistake. Sometimes, a system will become unstable and the only way to get into it is by using the SR. So we don't remove the restore points until after the system is clean.

    2. While you think you may have the 'exact issue' as someone else, the help given to that person is for use only by that person. You don't pick out programs to try out.

    3. If you have IE8, it is perfectly normal to have two or more iexplore.exe processes.
    ==========================================
    Where you need to start:

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Then you wait for me to review the logs. Please uninstall or disable the programs you downloaded trying to fix this on your own. I will give you the appropriate links and instructions for further scans as needed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. kf4wto

    kf4wto Topic Starter

    Update

    I installed and ran the recommended Avira Anti-Virus, then ran a full scan. At the time it did not find anything, but during the other requested processes Avira came up with the following, for which I took the quarantine option:
    Begin scan in 'C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll'
    C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll
    [DETECTION] Contains virus patterns of Adware ADWARE/FunWeb.GQ.4

    Beginning disinfection:
    C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll
    [DETECTION] Contains virus patterns of Adware ADWARE/FunWeb.GQ.4
    [NOTE] The file was moved to the quarantine directory under the name '4f5dd1ed.qua'.

    Installed and ran TFC.
    Installed, updated and ran MBAM and received the following log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5475

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    1/7/2011 2:37:54 PM
    mbam-log-2011-01-07 (14-37-54).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 207336
    Time elapsed: 32 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Installed and ran GMER and received the following log:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-07 14:42:57
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3750640A rev.3.AAE
    Running: khe0ofqr.exe; Driver: C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\fxtdapob.sys


    ---- Threads - GMER 1.0.15 ----

    Thread System [4:124] 872F453C
    Thread System [4:128] 872F652D

    ---- EOF - GMER 1.0.15 ----

    Installed and ran D.D.S. and received the following DDS/ATTACH:
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Larry Williams at 14:45:49.04 on Fri 01/07/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.548 [GMT -6:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Larry Williams\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    uPolicies-system: zwxinptvxqkymmzwdbdiTaskMgr = 0 (0x0)
    Trusted Zone: aol.com\free
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\larryw~1\applic~1\mozilla\firefox\profiles\wh9rbfaw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-7 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-7 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-7 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-7 61960]
    R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-14 91830]
    S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
    S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
    S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
    S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
    S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
    S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]

    =============== Created Last 30 ================

    2011-01-07 20:19:02 -------- d-----w- c:\docume~1\larryw~1\applic~1\Avira
    2011-01-07 19:54:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-07 19:54:49 -------- d-----w- c:\program files\Avira
    2011-01-07 19:54:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-01-07 15:45:44 -------- d-----w- c:\program files\ESET
    2011-01-07 13:22:34 -------- d--h--w- c:\windows\PIF
    2011-01-07 11:26:50 -------- d-----w- C:\ComboFix
    2011-01-06 14:39:21 -------- d-sha-r- C:\cmdcons
    2011-01-06 14:21:48 98816 ----a-w- c:\windows\sed.exe
    2011-01-06 14:21:48 89088 ----a-w- c:\windows\MBR.exe
    2011-01-06 14:21:48 256512 ----a-w- c:\windows\PEV.exe
    2011-01-06 14:21:48 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-05 18:18:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-05 18:18:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-05 18:18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-25 03:01:23 -------- d-----w- c:\program files\Microsoft IntelliType Pro

    ==================== Find3M ====================

    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-10-21 12:12:30 389120 ----a-w- c:\windows\system32\html.iec

    ============= FINISH: 14:51:58.40 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/14/2008 1:09:35 PM
    System Uptime: 1/7/2011 2:02:37 PM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0G0728
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 699 GiB total, 674.328 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Acrobat Reader 3.02
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    AFPL Ghostscript 8.54
    AFPL Ghostscript Fonts
    Alarm 2.0.4
    Apple Application Support
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    Avira AntiVir Personal - Free Antivirus
    B57Inst
    BCM V.92 56K Modem
    BlueVoda Website Builder 10.2
    Broadcom Driver Installer
    Canon MP Navigator EX 1.2
    Canon MP190 series MP Drivers
    Canon MP190 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Spanish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Spanish
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Corel Applications
    Creative Audio Console
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    Creative WebCam Center
    Creative WebCam Live! Driver (1.01.01.0730)
    Creative WebCam Live! User's Guide (English)
    Critical Update for Windows Media Player 11 (KB959772)
    Cross Fire En
    eFax Messenger 4.3
    ESET Online Scanner v3
    EverQuest II Extended
    Flash Slideshow Maker Pro 4.88
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Inkjet Printer/Scanner Extended Survey Program
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Ipswitch WS_FTP Professional 2007
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 21
    Magic DVD Ripper V5.5.0
    Malwarebytes' Anti-Malware
    Maxtor OneTouch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliType Pro 7.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft PowerPoint Viewer 97
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mocha W32 TN5250
    Mozilla Firefox (3.5.3)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Musicnotes Software Suite 1.5.1
    Netscape (7.2)
    PokerStars
    QuickBooks 2000
    ReaConverter 5.5 Pro
    RealPlayer
    RealUpgrade 1.0
    Retrospect Express HD 1.0
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Skins
    SmartDraw 6
    Sonic CinePlayer DVD Pack
    Sound Blaster X-Fi
    Sounds Best On Sound Blaster
    StormPredator 3.01
    StormPredator 3.26
    StormPredator 3.3
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Storage Adapter FX (MXO)
    WebFldrs XP
    Windows Driver Package - KeyScan Image (11/01/2009 8.00.03)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    1/7/2011 8:50:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
    1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 8:49:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/7/2011 7:05:19 AM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 0007E9E9E944 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    1/7/2011 6:53:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
    1/7/2011 6:53:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
    1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 1:53:28 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    1/7/2011 1:53:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    1/7/2011 1:53:28 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    1/6/2011 2:31:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    ==== End Of File ===========================

    Downloaded and Installed all Windows Security and Critical updates. 81 Updates 15 failed. Deleted, downloaded and installed new Java and Adobe.

    During all of these processes and current, I keep receiving a pop-up error stating "Internet Explorer Has Encountered an Error." This is popping up every couple of minutes. The error it is showing is:
    C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\20db_appcompat.txt


    I do not have IE8 installed and the IE7 I do have installed I never use except for updates. I use Firefox for my browser and every time I open Firefox I receive "Firefox is not currently set as your default browser. Would you like to make it your default browser?" and take the "yes" option.

    Thank you again for your assistance.
  4. Bobbye


    Kind of hard to know where to start here! First, you were not required to install Avira. These directions say "if you don't have an antivirus...." and we then give 2 recommendations.
    ===============================================
    You've already got Eset on the system. Please update and run a new scan. Paste log in next reply.
    =============================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ===========================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================================
    Please do not do any other installs or uninstalls unless I instruct you to and>>>>
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    =============================================
    I'm going to start fresh here. As for Firefox being the default:
    Open Firefox> Tools> Options> Advanced tab> System Defaults> Check "Always check to see if Firefox is the Default". After you have finished saying Yes to the default>>>>>>

    Open Internet Connections in either the Control Panel or IE Tools>Programs tab> Uncheck "IE should check if it's the default browser"> Click on Apply> OK.
    That should fix it. IE is very pushy and if you don't have that unchecked, you'll get hassled.
  5. kf4wto


    update

    I ran Eset but since it found nothing it did not produce any kind of log or report. I do set Firefox as my default and it stays that way for a few minutes until that Iexplore.exe error pops up and then it will default back to IE as the default. Whatever the virus is that I have which forwards my Google links is affecting this as well.

    I uninstalled and downloaded combofix. It ran and produced the following log:
    I have to split it into three replies though since it is longer than 50k.

    =========================================================
    ComboFix 11-01-10.04 - Larry Williams 01/10/2011 12:43:00.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.596 [GMT -6:00]
    Running from: c:\documents and settings\Larry Williams\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CFLog

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
    .

    2011-01-08 07:25 . 2011-01-08 07:25 -------- d-----w- c:\documents and settings\Larry Williams\Local Settings\Application Data\Temp
    2011-01-07 22:29 . 2011-01-07 22:29 -------- d-----w- c:\program files\Common Files\Java
    2011-01-07 22:29 . 2011-01-07 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-07 22:28 . 2011-01-07 22:28 -------- d-----w- c:\program files\Java
    2011-01-07 22:22 . 2011-01-07 22:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-01-07 21:31 . 2011-01-10 00:25 -------- d-----w- c:\windows\system32\NtmsData
    2011-01-07 21:09 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-01-07 21:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-01-07 21:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-01-07 21:07 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-01-07 21:05 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-01-07 21:02 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-01-07 21:02 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-01-07 21:01 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-01-07 21:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-01-07 20:57 . 2010-07-12 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-01-07 20:57 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-01-07 20:19 . 2011-01-07 20:19 -------- d-----w- c:\documents and settings\Larry Williams\Application Data\Avira
    2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\program files\Avira
    2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-01-07 19:54 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-07 19:54 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-07 19:54 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-01-07 19:54 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-01-07 15:45 . 2011-01-07 15:45 -------- d-----w- c:\program files\ESET
    2011-01-07 13:22 . 2011-01-07 13:22 -------- d--h--w- c:\windows\PIF
    2011-01-05 18:18 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-05 18:18 . 2011-01-07 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-05 18:18 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-25 03:01 . 2010-12-25 03:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 22:28 . 2010-09-18 10:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34 . 2009-10-13 13:40 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-10-21 12:12 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
    .

    ------- Sigcheck -------

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-01-06_15.11.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
    + 2004-08-04 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
    + 2004-08-04 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
    + 2004-08-04 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
    + 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
    + 2004-08-04 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
    + 2010-03-31 06:16 . 2010-03-31 06:16 99176 c:\windows\system32\PresentationHostProxy.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\pngfilt.dll
    + 2004-08-04 12:00 . 2011-01-07 21:26 71176 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2010-11-07 22:19 71176 c:\windows\system32\perfc009.dat
    + 2009-11-07 07:07 . 2009-11-07 07:07 49488 c:\windows\system32\netfxperf.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 11600 c:\windows\system32\mui\0409\mscorees.dll
    - 2008-02-14 19:04 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
    + 2008-02-14 19:04 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
    + 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
    + 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
    + 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
    + 2004-08-04 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
    - 2004-08-04 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
    + 2004-08-04 12:00 . 2007-08-14 00:01 48128 c:\windows\system32\mshtmler.dll
    + 2004-08-04 12:00 . 2007-08-14 00:32 45568 c:\windows\system32\mshta.exe
    - 2004-08-04 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
    + 2007-08-14 00:36 . 2007-08-14 00:36 12288 c:\windows\system32\msfeedssync.exe
    + 2007-08-14 00:54 . 2010-11-06 00:34 52224 c:\windows\system32\msfeedsbs.dll
    + 2008-02-14 19:04 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
    - 2008-02-14 19:04 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
    + 2004-08-04 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
    + 2004-08-04 12:00 . 2007-08-14 00:44 40960 c:\windows\system32\licmgr10.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 27648 c:\windows\system32\jsproxy.dll
    + 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
    + 2004-08-04 12:00 . 2007-08-14 00:39 92672 c:\windows\system32\inseng.dll
    + 2004-08-04 12:00 . 2007-08-14 00:36 36352 c:\windows\system32\imgutil.dll
    + 2007-08-14 00:39 . 2010-10-21 12:11 13824 c:\windows\system32\ieudinit.exe
    + 2004-08-04 12:00 . 2007-08-14 00:39 55296 c:\windows\system32\iesetup.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\iernonce.dll
    + 2004-08-04 12:00 . 2010-11-03 12:24 70656 c:\windows\system32\ie4uinit.exe
    - 2004-08-04 12:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
    + 2004-08-04 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
    + 2007-08-14 00:36 . 2010-11-06 00:34 63488 c:\windows\system32\icardie.dll
    + 2004-08-04 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
    + 2011-01-07 19:54 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
    + 2004-08-04 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
    + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
    + 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
    + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
    + 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
    + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
    + 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
    + 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
    + 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
    + 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
    - 2004-08-04 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
    + 2004-08-04 12:00 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
    + 2004-08-04 12:00 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
    - 2004-08-04 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
    + 2008-02-15 11:24 . 2010-11-06 00:34 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
    + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
    + 2004-08-04 12:00 . 2007-08-14 00:44 40960 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
    + 2004-08-04 12:00 . 2010-11-06 00:34 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
    + 2004-08-04 12:00 . 2007-08-14 00:39 92672 c:\windows\system32\dllcache\inseng.dll
    + 2004-08-04 12:00 . 2007-08-14 00:36 36352 c:\windows\system32\dllcache\imgutil.dll
    + 2008-02-15 11:24 . 2010-10-21 12:11 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2008-02-15 11:24 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
    + 2004-08-04 12:00 . 2007-08-14 00:39 55296 c:\windows\system32\dllcache\iesetup.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2007-08-14 00:45 . 2010-11-06 00:34 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2004-08-04 12:00 . 2010-11-03 12:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-02-15 11:24 . 2010-11-06 00:34 63488 c:\windows\system32\dllcache\icardie.dll
    + 2008-02-14 19:05 . 2007-08-14 00:18 60416 c:\windows\system32\dllcache\hmmapi.dll
    + 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2007-08-14 00:42 . 2010-11-06 00:34 17408 c:\windows\system32\dllcache\corpol.dll
    + 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
    + 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
    + 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
    + 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
    + 2004-08-04 12:00 . 2007-08-14 00:39 71680 c:\windows\system32\dllcache\admparse.dll
    + 2004-08-04 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
    - 2011-01-05 00:09 . 2011-01-06 14:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-07 20:08 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-02-14 19:10 . 2011-01-06 14:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-02-14 19:10 . 2011-01-06 14:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2004-08-04 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
    + 2004-08-04 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
    - 2004-08-04 12:00 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
    + 2004-08-04 12:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
    - 2004-08-04 12:00 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
    + 2004-08-04 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
    + 2004-08-04 12:00 . 2007-08-14 00:39 71680 c:\windows\system32\admparse.dll
    + 2010-04-08 05:48 . 2010-04-08 05:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2010-03-23 11:31 . 2010-03-23 11:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2011-01-07 22:22 . 2011-01-07 22:22 28160 c:\windows\Installer\2dff8e.msi
    + 2011-01-07 21:13 . 2011-01-07 21:13 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
    + 2011-01-07 15:08 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
    + 2011-01-07 15:08 . 2007-08-14 00:39 13312 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
    + 2011-01-07 15:08 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
    + 2011-01-07 15:08 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
    + 2011-01-07 15:08 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
    + 2011-01-07 15:08 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
    + 2011-01-07 15:08 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB982381-IE7\corpol.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 52224 c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 27648 c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll
    + 2011-01-07 15:09 . 2010-08-31 12:09 13824 c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe
    + 2011-01-07 15:09 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\iernonce.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 78336 c:\windows\ie7updates\KB2416400-IE7\ieencode.dll
    + 2011-01-07 15:09 . 2010-09-08 15:57 70656 c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe
    + 2011-01-07 15:09 . 2010-09-09 13:38 63488 c:\windows\ie7updates\KB2416400-IE7\icardie.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 17408 c:\windows\ie7updates\KB2416400-IE7\corpol.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll
    + 2011-01-07 15:09 . 2010-04-16 13:24 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe
    + 2011-01-07 15:09 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll
    + 2011-01-07 15:09 . 2010-04-16 13:24 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe
    + 2011-01-07 15:09 . 2010-05-04 17:20 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll
    + 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
    + 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
    + 2011-01-07 21:28 . 2011-01-07 21:28 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
    + 2011-01-07 21:27 . 2011-01-07 21:27 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
    + 2011-01-07 21:28 . 2011-01-07 21:28 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
    + 2011-01-07 21:28 . 2011-01-07 21:28 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
    + 2011-01-07 21:28 . 2011-01-07 21:28 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
    + 2011-01-07 21:28 . 2011-01-07 21:28 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2011-01-07 21:17 . 2011-01-07 21:17 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2009-04-08 10:34 . 2009-04-08 10:34 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-01-07 21:10 . 2008-04-14 00:12 56320 c:\windows\$NtUninstallKB959426$\secur32.dll
    + 2011-01-07 21:10 . 2008-04-14 00:12 91648 c:\windows\$NtUninstallKB952004$\mtxoci.dll
    + 2011-01-07 21:10 . 2008-04-14 00:12 66560 c:\windows\$NtUninstallKB952004$\mtxclu.dll
    + 2011-01-07 21:10 . 2008-04-14 00:11 58880 c:\windows\$NtUninstallKB952004$\msdtclog.dll
    + 2011-01-07 15:07 . 2005-10-12 23:12 14048 c:\windows\$NtUninstallKB915865$\spmsg.dll
    + 2011-01-07 15:07 . 2005-10-12 23:12 22752 c:\windows\$NtUninstallKB915865$\spcustom.dll
    + 2011-01-07 21:10 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll
    + 2011-01-07 21:10 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll
    + 2011-01-07 21:10 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB959426\update\spcustom.dll
    + 2011-01-07 21:10 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB959426\spmsg.dll
    + 2009-02-04 09:12 . 2009-02-04 09:12 56832 c:\windows\$hf_mig$\KB959426\SP3QFE\secur32.dll
    + 2011-01-07 21:10 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll
    + 2011-01-07 21:10 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952004\spmsg.dll
    + 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll
    + 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll
    + 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll
    + 2011-01-07 21:10 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB923561\update\spcustom.dll
    + 2011-01-07 21:10 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB923561\spmsg.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
    + 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
    + 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2011-01-07 20:57 . 2008-05-03 11:55 2560 c:\windows\$hf_mig$\KB923561\SP3QFE\xpsp4res.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2008-02-15 11:23 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
    - 2008-02-15 11:23 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
    + 2008-02-14 19:05 . 2009-08-07 01:23 209624 c:\windows\system32\wuweb.dll
    - 2008-02-14 19:05 . 2009-08-07 00:23 209624 c:\windows\system32\wuweb.dll
    + 2004-08-04 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\wmspdmod.dll
    + 2004-08-04 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\wmpdxm.dll
    + 2004-08-04 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
    + 2004-08-04 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
    + 2004-08-04 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
    + 2004-08-04 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
    + 2007-08-14 00:45 . 2007-08-14 00:45 206336 c:\windows\system32\winfxdocobj.exe
    + 2004-08-04 12:00 . 2010-11-06 00:34 233472 c:\windows\system32\webcheck.dll
    + 2004-08-04 12:00 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
    + 2004-08-04 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 105984 c:\windows\system32\url.dll
    - 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
    + 2004-08-04 12:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
    - 2004-08-04 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
    + 2004-08-04 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
    + 2004-08-04 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
    + 2004-08-04 12:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
    + 2004-08-04 12:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
    + 2010-03-31 06:10 . 2010-03-31 06:10 295264 c:\windows\system32\PresentationHost.exe
    + 2004-08-04 12:00 . 2011-01-07 21:26 441432 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2010-11-07 22:19 441432 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2010-11-06 00:34 102912 c:\windows\system32\occache.dll
    + 2004-08-04 12:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
    - 2004-08-04 12:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
    + 2004-08-04 12:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
    + 2004-08-04 12:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 671232 c:\windows\system32\mstime.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 193024 c:\windows\system32\msrating.dll
    - 2008-02-14 19:04 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
    + 2008-02-14 19:04 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
    - 2004-08-04 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
    + 2004-08-04 12:00 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 478208 c:\windows\system32\mshtmled.dll
    + 2007-08-14 00:54 . 2010-11-06 00:34 468480 c:\windows\system32\msfeeds.dll
    + 2008-02-14 19:04 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
    - 2008-02-14 19:04 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
    + 2008-02-14 19:04 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
    - 2008-02-14 19:04 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
    + 2008-02-14 19:04 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 297808 c:\windows\system32\mscoree.dll
    - 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2006-10-19 02:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
    + 2004-08-04 12:00 . 2010-09-18 18:23 974848 c:\windows\system32\mfc42u.dll
    + 2004-08-04 12:00 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
    + 2004-08-04 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
    + 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
    + 2004-08-04 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
    + 2004-08-04 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
    + 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
    - 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
    + 2004-08-04 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
    + 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
    + 2011-01-07 22:29 . 2011-01-07 22:28 157472 c:\windows\system32\javaws.exe
    - 2010-09-18 10:19 . 2010-09-18 10:19 145184 c:\windows\system32\javaw.exe
    + 2011-01-07 22:29 . 2011-01-07 22:28 145184 c:\windows\system32\javaw.exe
    - 2010-09-18 10:19 . 2010-09-18 10:19 145184 c:\windows\system32\java.exe
    + 2011-01-07 22:29 . 2011-01-07 22:28 145184 c:\windows\system32\java.exe
    - 2008-02-14 19:05 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
    + 2008-02-14 19:05 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
    + 2007-08-14 00:54 . 2007-08-14 00:54 180736 c:\windows\system32\ieui.dll
    + 2007-08-14 00:34 . 2010-11-06 00:34 268288 c:\windows\system32\iertutil.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\iepeers.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\iedkcs32.dll
    + 2007-07-11 18:27 . 2010-11-06 00:34 380928 c:\windows\system32\ieapfltr.dll
    + 2004-08-04 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\ieakui.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\ieaksie.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\ieakeng.dll
    - 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 133120 c:\windows\system32\extmgr.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dxtrans.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dxtmsft.dll
    + 2004-08-04 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
    + 2004-08-04 12:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
    + 2004-08-04 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
    - 2008-02-14 19:05 . 2009-08-07 00:23 209624 c:\windows\system32\dllcache\wuweb.dll
    + 2008-02-14 19:05 . 2009-08-07 01:23 209624 c:\windows\system32\dllcache\wuweb.dll
    + 2004-08-04 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
    + 2004-08-04 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
    + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
    + 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
    + 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 832512 c:\windows\system32\dllcache\wininet.dll
    + 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2008-02-14 19:05 . 2007-07-12 23:31 765952 c:\windows\system32\dllcache\vgx.dll
    + 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
    + 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
    - 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 105984 c:\windows\system32\dllcache\url.dll
    + 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
    - 2004-08-04 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2004-08-04 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2009-04-08 10:11 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
    + 2006-09-23 19:12 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
    - 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
    + 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
    + 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 102912 c:\windows\system32\dllcache\occache.dll
    + 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
    + 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
    + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 671232 c:\windows\system32\dllcache\mstime.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 193024 c:\windows\system32\dllcache\msrating.dll
    + 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
    + 2004-08-04 12:00 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll
    - 2004-08-04 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 478208 c:\windows\system32\dllcache\mshtmled.dll
    + 2008-02-15 11:24 . 2010-11-06 00:34 468480 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
    + 2009-04-08 10:09 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
    + 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2004-08-04 12:00 . 2010-09-18 18:23 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
    + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
    + 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
    + 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
    - 2009-04-08 10:07 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
    + 2009-04-08 10:07 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
    + 2008-02-14 19:05 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
    + 2008-02-15 11:24 . 2010-11-06 00:34 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-02-15 11:24 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
    + 2004-08-04 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\dllcache\ieaksie.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\dllcache\ieakeng.dll
    - 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dllcache\dxtrans.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\dllcache\advpack.dll
    + 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
  6. kf4wto

    kf4wto Topic Starter

    Part 2

    + 2004-08-04 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
    - 2004-08-04 12:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
    + 2004-08-04 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\advpack.dll
    + 2004-08-04 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
    + 2008-02-14 19:05 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    - 2008-02-14 19:05 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    + 2010-03-31 06:16 . 2010-03-31 06:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2010-04-08 05:48 . 2010-04-08 05:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-04-08 05:48 . 2010-04-08 05:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-03-23 11:31 . 2010-03-23 11:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-05-11 12:40 . 2010-05-11 12:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2010-05-11 12:40 . 2010-05-11 12:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\3e5f4b.msp
    + 2011-01-07 21:13 . 2011-01-07 21:13 429568 c:\windows\Installer\3e5f2b.msi
    + 2009-03-20 17:48 . 2009-03-20 17:48 183808 c:\windows\Installer\3e5f22.msp
    + 2011-01-07 19:53 . 2011-01-07 19:53 219648 c:\windows\Installer\2e7cd6.msi
    + 2011-01-07 22:29 . 2011-01-07 22:29 180224 c:\windows\Installer\2e0210.msi
    + 2011-01-07 22:28 . 2011-01-07 22:28 675840 c:\windows\Installer\2e020b.msi
    + 2011-01-07 15:08 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB982381-IE7\wininet.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
    + 2011-01-07 15:08 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
    + 2011-01-07 15:08 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
    + 2011-01-07 15:08 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
    + 2011-01-07 15:08 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
    + 2011-01-07 15:08 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
    + 2011-01-07 15:08 . 2007-08-14 00:54 191488 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
    + 2011-01-07 15:08 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
    + 2011-01-07 15:08 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 832512 c:\windows\ie7updates\KB2416400-IE7\wininet.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll
    + 2011-01-07 15:09 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
    + 2011-01-07 15:09 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
    + 2011-01-07 15:09 . 2010-09-09 13:38 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 478208 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 468480 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
    + 2011-01-07 15:09 . 2010-08-25 11:30 634648 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
    + 2011-01-07 15:09 . 2010-09-09 13:38 268288 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 192512 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 384512 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 380928 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
    + 2011-01-07 15:09 . 2010-08-25 11:29 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
    + 2011-01-07 15:09 . 2010-09-09 13:38 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll
    + 2011-01-07 15:09 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll
    + 2011-01-07 15:09 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe
    + 2011-01-07 15:09 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll
    + 2011-01-07 15:09 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
    + 2011-01-07 15:09 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll
    + 2011-01-07 15:09 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll
    + 2011-01-07 15:09 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll
    + 2009-10-13 13:40 . 2006-09-06 23:43 213216 c:\windows\ie7\spuninst\spuninst.exe
    + 2009-04-08 10:09 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2011-01-07 21:39 . 2011-01-07 21:39 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
    + 2011-01-07 21:33 . 2011-01-07 21:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
    + 2011-01-07 21:28 . 2011-01-07 21:28 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
    + 2011-01-07 21:33 . 2011-01-07 21:33 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
    + 2011-01-07 21:42 . 2011-01-07 21:42 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
    + 2011-01-07 21:32 . 2011-01-07 21:32 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
    + 2011-01-07 21:31 . 2011-01-07 21:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
    + 2011-01-07 21:27 . 2011-01-07 21:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
    + 2011-01-07 21:27 . 2011-01-07 21:27 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
    + 2011-01-07 21:27 . 2011-01-07 21:27 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-01-07 21:32 . 2011-01-07 21:32 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
    + 2011-01-07 21:42 . 2011-01-07 21:42 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
    + 2011-01-07 21:38 . 2011-01-07 21:38 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
    + 2011-01-07 21:31 . 2011-01-07 21:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
    + 2011-01-07 21:31 . 2011-01-07 21:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
    + 2011-01-07 21:32 . 2011-01-07 21:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-01-07 21:32 . 2011-01-07 21:32 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
    + 2011-01-07 21:40 . 2011-01-07 21:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
    + 2011-01-07 21:40 . 2011-01-07 21:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
    + 2011-01-07 21:40 . 2011-01-07 21:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
    + 2011-01-07 21:27 . 2011-01-07 21:27 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
    + 2011-01-07 21:27 . 2011-01-07 21:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
    + 2011-01-07 21:41 . 2011-01-07 21:41 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
    + 2011-01-07 21:39 . 2011-01-07 21:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
    + 2011-01-07 21:33 . 2011-01-07 21:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
    + 2011-01-07 21:33 . 2011-01-07 21:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
    + 2011-01-07 21:33 . 2011-01-07 21:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
    + 2011-01-07 21:33 . 2011-01-07 21:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
    + 2011-01-07 21:39 . 2011-01-07 21:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-01-07 21:28 . 2011-01-07 21:28 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
    + 2011-01-07 21:39 . 2011-01-07 21:39 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
    + 2011-01-07 21:39 . 2011-01-07 21:39 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-04-08 10:36 . 2009-04-08 10:36 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-01-07 21:17 . 2011-01-07 21:17 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-01-07 21:17 . 2011-01-07 21:17 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-01-07 21:26 . 2011-01-07 21:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-04-08 10:37 . 2009-04-08 10:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    .
    -- Snapshot reset to current date --
  7. kf4wto

    kf4wto Topic Starter

    Part 3

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "zwxinptvxqkymmzwdbdiTaskMgr"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk
    backup=c:\windows\pss\QuickBooks Delivery Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2008-02-21 01:58 19456 ----a-w- c:\windows\system32\CtHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2008-02-21 01:58 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-12-22 14:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
    2008-02-14 20:43 94208 ----a-w- c:\windows\MXOALDR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
    2004-07-30 21:47 6946816 ----a-w- c:\progra~1\Dantz\RETROS~1\RetroExpress.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-09-25 23:10 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "RetroExpLauncher"=2 (0x2)
    "MDM"=2 (0x2)
    "KodakSvc"=2 (0x2)
    "helpsvc"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "idsvc"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    "rcp_service"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "dlbx_device"=2 (0x2)
    "IDriverT"=3 (0x3)
    "npggsvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dlbxcoms.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22745:TCP"= 22745:TCP:BitCometLite 22745 TCP
    "22745:UDP"= 22745:UDP:BitCometLite 22745 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/7/2011 1:54 PM 135336]
    R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/14/2008 2:09 PM 91830]
    S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
    S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
    S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
    S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
    S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
    S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]

    2011-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: aol.com\free
    FF - ProfilePath - c:\documents and settings\Larry Williams\Application Data\Mozilla\Firefox\Profiles\wh9rbfaw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-10 13:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-796845957-1604221776-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{282BA93A-459E-D56F-F0E4-DA926EBF8E3E}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "eabflbhdkl"=hex:66,61,6c,6b,6b,62,64,6f,64,68,66,66,00,31
    "daoeobdl"=hex:64,62,6e,6b,68,65,64,65,6d,69,6f,6d,6d,63,66,67,6a,65,6a,62,66,
    6f,6a,66,6f,68,64,6c,69,67,66,68,65,66,63,62,70,6a,6f,61,00,00
    "iajlfbpboaignbgobm"=hex:6a,61,69,6f,6b,6c,61,64,6f,6d,6f,62,65,69,61,64,68,65,
    6e,6c,00,00
    "hadlddmofichlkma"=hex:6a,61,69,6f,6b,6c,61,64,6f,6d,6f,62,65,69,61,64,68,65,
    6e,6c,00,d0
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(688)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(15864)
    c:\windows\system32\WININET.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-10 13:23:30
    ComboFix-quarantined-files.txt 2011-01-10 19:23
    ComboFix2.txt 2011-01-07 12:19
    ComboFix3.txt 2011-01-06 15:27

    Pre-Run: 721,369,972,736 bytes free
    Post-Run: 723,986,563,072 bytes free

    - - End Of File - - 3070B18EEC37A20D97077234AFEDB3E2
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    c:\windows\system32\xdva370.sys
    c:\windows\system32\xdva372.sys
    c:\windows\system32\xdva374.sys
    c:\windows\system32\xdva375.sys
    c:\windows\system32\xdva377.sys
    c:\windows\system32\xdva379.sys
    RegNull::
    [HKEY_USERS\S-1-5-21-796845957-1604221776-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{282BA93A-459E-D56F-F0E4-DA926EBF8E3E}*]
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    Driver::
    XDva370
    XDva372
    XDva374
    XDva375
    XDva377
    XDva379
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Recommend you remove this site from the Trusted Zone: Trusted Zone: aol.com\free
    Security is lower in this zone and nothing needs to be in it.
    ===================
    I found that when setting the default browser, you not only have to set the one you want as default, but you also need to be sure Internet Explorer is unchecked. IE is very pushy and given the chance, it will try to be the default.
    ====================
    The entry Avira found was for FunWeb. This is a site for 3D cursors, Smilies, wallpaper and such and is loaded with adware. It usually brings MyWeb Search with it.
    ===================
    So far, there is no indication of a rootkit unless something turns up in the script. Do you know what this entry is:
    uPolicies-system: zwxinptvxqkymmzwdbdiTaskMgr = 0 (0x0) (from DDS)
    and same in Combofix:
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "zwxinptvxqkymmzwdbdiTaskMgr"= 0 (0x0)


    I notice you have some policies set, but the Task Manager isn't in them.
  9. kf4wto

    kf4wto Topic Starter

    Update

    I did as requested and the combofix log will follow. Those policies you mentioned I have never seen before. Something to mention: when the Iexplore.exe jobs kick in every two minutes and the error comes up, it puts a log file in the temp folder called serf_conf.log and test.reg. The log shows the following which I thought was interesting. I can delete it but then when the Iexplore pops up it recreates it.
    ======================
    [PANEL_SIGN_CHECK]
    [runs_count_begin]
    60
    [runs_count_end]
    [urls_to_serf_begin]
    http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
    http://www.clickleg.org/ac.php?aid=448&sid=direct2
    http://www.clickleg.org/ac.php?aid=448&sid=direct2
    http://www.clickleg.org/ac.php?aid=448&sid=direct2
    http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
    http://www.clickleg.org/ac.php?aid=448&sid=direct2
    http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
    [urls_to_serf_end]
    [refs_to_change_begin]
    www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
    www.clickleg.org/ac.php=|www.clickleg.org/search.php
    [refs_to_change_end]
    [panels_begin]
    onlineprostats.com
    searchsubstantial.org
    searchdistribution.org
    searchformat.org
    modeview.org
    modeview.org
    searchdistribution.org
    searchserver.org
    [panels_end]
    [popupcount_begin]
    3
    [popupcount_end]
    [popupurl_begin]
    [popupurl_end]
    [popupurl2_begin]
    [popupurl2_end]
    [date_begin]
    10:1:2011
    [date_end]

    ======================
    COMBOFIX LOG
    ======================
    ComboFix 11-01-10.04 - Larry Williams 01/10/2011 17:17:50.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.698 [GMT -6:00]
    Running from: c:\documents and settings\Larry Williams\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Larry Williams\My Documents\Downloads\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\system32\xdva370.sys"
    "c:\windows\system32\xdva372.sys"
    "c:\windows\system32\xdva374.sys"
    "c:\windows\system32\xdva375.sys"
    "c:\windows\system32\xdva377.sys"
    "c:\windows\system32\xdva379.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CFLog

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_XDVA370
    -------\Legacy_XDVA372
    -------\Legacy_XDVA374
    -------\Legacy_XDVA375
    -------\Legacy_XDVA377
    -------\Legacy_XDVA379
    -------\Service_XDva370
    -------\Service_XDva372
    -------\Service_XDva374
    -------\Service_XDva375
    -------\Service_XDva377
    -------\Service_XDva379


    ((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
    .

    2011-01-08 07:25 . 2011-01-08 07:25 -------- d-----w- c:\documents and settings\Larry Williams\Local Settings\Application Data\Temp
    2011-01-07 22:29 . 2011-01-07 22:29 -------- d-----w- c:\program files\Common Files\Java
    2011-01-07 22:29 . 2011-01-07 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-07 22:28 . 2011-01-07 22:28 -------- d-----w- c:\program files\Java
    2011-01-07 22:22 . 2011-01-07 22:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-01-07 21:31 . 2011-01-10 00:25 -------- d-----w- c:\windows\system32\NtmsData
    2011-01-07 21:09 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-01-07 21:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-01-07 21:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-01-07 21:07 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-01-07 21:05 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-01-07 21:02 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-01-07 21:02 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-01-07 21:01 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-01-07 21:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-01-07 20:57 . 2010-07-12 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-01-07 20:57 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-01-07 20:19 . 2011-01-07 20:19 -------- d-----w- c:\documents and settings\Larry Williams\Application Data\Avira
    2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\program files\Avira
    2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-01-07 19:54 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-07 19:54 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-07 19:54 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-01-07 19:54 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-01-07 15:45 . 2011-01-07 15:45 -------- d-----w- c:\program files\ESET
    2011-01-07 13:22 . 2011-01-07 13:22 -------- d--h--w- c:\windows\PIF
    2011-01-05 18:18 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-05 18:18 . 2011-01-07 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-05 18:18 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-25 03:01 . 2010-12-25 03:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 22:28 . 2010-09-18 10:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34 . 2009-10-13 13:40 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-10-21 12:12 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
    .

    ------- Sigcheck -------

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-01-10_19.09.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-07 20:08 . 2011-01-10 20:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-07 20:08 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-14 19:10 . 2011-01-10 20:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-02-14 19:10 . 2011-01-10 20:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "zwxinptvxqkymmzwdbdiTaskMgr"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk
    backup=c:\windows\pss\QuickBooks Delivery Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2008-02-21 01:58 19456 ----a-w- c:\windows\system32\CtHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2008-02-21 01:58 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-12-22 14:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
    2008-02-14 20:43 94208 ----a-w- c:\windows\MXOALDR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
    2004-07-30 21:47 6946816 ----a-w- c:\progra~1\Dantz\RETROS~1\RetroExpress.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-09-25 23:10 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "RetroExpLauncher"=2 (0x2)
    "MDM"=2 (0x2)
    "KodakSvc"=2 (0x2)
    "helpsvc"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "idsvc"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    "rcp_service"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "dlbx_device"=2 (0x2)
    "IDriverT"=3 (0x3)
    "npggsvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dlbxcoms.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22745:TCP"= 22745:TCP:BitCometLite 22745 TCP
    "22745:UDP"= 22745:UDP:BitCometLite 22745 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/7/2011 1:54 PM 135336]
    R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/14/2008 2:09 PM 91830]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]

    2011-01-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\documents and settings\Larry Williams\Application Data\Mozilla\Firefox\Profiles\wh9rbfaw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-10 17:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(688)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1472)
    c:\windows\system32\WININET.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-10 18:01:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-11 00:00
    ComboFix2.txt 2011-01-10 19:23
    ComboFix3.txt 2011-01-07 12:19
    ComboFix4.txt 2011-01-06 15:27

    Pre-Run: 724,008,947,712 bytes free
    Post-Run: 724,109,934,592 bytes free

    - - End Of File - - DBAEBE8CC6708159B7AD0DBF2B9D0FBC
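The serf_conf.log layout quoted in the post above (a `[PANEL_SIGN_CHECK]` marker followed by `[name_begin]` ... `[name_end]` sections) can be parsed into records and reduced to a de-duplicated, defanged host list for review. This is an added example, not part of the original thread or of any tool named in it; the sample hosts are constructed, and the function names, the reading of each section as a plain list of lines, and the assumption that records may be appended back to back are mine.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout quoted in the post. Hosts are reserved
# .example names, not values from the page. The second record starts on the
# same line as the first one's [date_end], as happens when records are appended.
SAMPLE = """\
[PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.ads-one.example/ac.php?aid=1&sid=direct2
http://www.ads-two.example/ac.php?aid=1&sid=direct2
http://www.ads-one.example/ac.php?aid=1&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.ads-one.example/ac.php=|www.ads-one.example/search.php
[refs_to_change_end]
[panels_begin]
panel-a.example
panel-b.example
panel-a.example
[panels_end]
[popupurl_begin]
[popupurl_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[urls_to_serf_begin]
http://www.ads-two.example/ac.php?aid=1&sid=direct2
[urls_to_serf_end]
[panels_begin]
panel-c.example
[panels_end]
"""

# Only the record marker and *_begin / *_end tags count as structure, so other
# bracketed text inside a value line is not mistaken for a tag.
MARKER = re.compile(r"\[(PANEL_SIGN_CHECK|[a-z0-9_]+_(?:begin|end))\]")


def _lines(chunk):
    return [ln.strip() for ln in chunk.splitlines() if ln.strip()]


def parse_records(text):
    """Return one dict per record, mapping section name -> list of value lines."""
    records, current, section, pos = [], None, None, 0
    for m in MARKER.finditer(text):
        if section is not None:
            current[section].extend(_lines(text[pos:m.start()]))
        pos, name = m.end(), m.group(1)
        if name == "PANEL_SIGN_CHECK":
            current, section = {}, None
            records.append(current)
        elif name.endswith("_begin"):
            if current is None:          # file starts mid-record (truncated head)
                current = {}
                records.append(current)
            section = name[: -len("_begin")]
            current.setdefault(section, [])
        else:                            # *_end closes whatever section is open
            section = None
    if section is not None:              # truncated tail: keep what was written
        current[section].extend(_lines(text[pos:]))
    return records


def hosts(records):
    """Unique hostnames in first-seen order from the URL, ref-pair and panel sections."""
    seen = {}
    for rec in records:
        for url in rec.get("urls_to_serf", []):
            seen.setdefault(urlsplit(url).hostname, None)
        for pair in rec.get("refs_to_change", []):
            for side in pair.split("=|"):      # "left=|right" as written in the log
                seen.setdefault(urlsplit("//" + side).hostname, None)
        for panel in rec.get("panels", []):
            seen.setdefault(panel.lower(), None)
    seen.pop(None, None)                        # lines that held no host
    return list(seen)


def summarize(text):
    """Record counts plus a defanged host list for a ticket or blocklist review."""
    records = parse_records(text)
    distinct = {repr(sorted(r.items())) for r in records}
    return {
        "records": len(records),
        "distinct_records": len(distinct),
        "hosts": [h.replace(".", "[.]") for h in hosts(records)],
    }
```

A `distinct_records` value of 1 with a higher `records` count means the same configuration was simply written again on each run.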
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thanks for the info. But try doing a search to ID something with 'click' as part of the word! Anyway, after a trip around the internet, I have found this info:

    Does anything below look familiar to you?
    Clickleg.org is currently hosted at Ecomdevel. The IP 209.212.147.208 links to a server in Arlington Heights, United States. The company behind this all is Ecomdevel. Ecomdevel Llc does business in Wired Telecommunications Carriers.
    URLs: www.ecomdevel.com
    Stock Symbol: Ecomdevel Llc
    Line Of Business: Internet Host Services
    Estimated Annual Sales: $810,000
    Estimated # of Employees: 8
    Year Founded: 2003
    Also Known As: Gigenet>> "GigeNET offers complete hosting solutions for large and small companies".
    http://www.aboutus.org/ClickLeg.org#home-page-analysis-
    ===================================
    I'd like you to run HijackThis and see if we can pick up the IP as the Name Server. Then I can deal with it from there. Please don't do anything about it on your own!
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    I'd like you to run a different online virus scan:
    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  11. kf4wto

    kf4wto Topic Starter

    Update

    I tried to run the Kaspersky Online Scanner 5 different times using IE7 and received the following error: Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

    I made sure it was the only thing running and I did not have any internet interruptions. I even shut off the Antivir Guard on the Avira Antivirus to make sure that was not the issue.

    =============================
    Logfile of HijackThis v1.99.1
    Scan saved at 12:29:29 PM, on 1/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Larry Williams\Desktop\Downloads\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294433759390
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    ====================================
    I have Microsoft Process Monitor and was running it trying to capture what is creating the temp file. I found iexplore.exe is writing the serf_conf.log file every time it auto kicks on. It is using a DLL called rpcss.dll and a QueryDirectory C:\Documents and Settings\Larry Williams\Desktop\*EDS.txt .
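A HijackThis log like the one in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis's own code: it splits a log into its process list and section-coded entries, then reports images that appear more than once. The sample log is a constructed excerpt in the same layout, the function names are hypothetical, and a repeated image is a prompt for review rather than a verdict.

```python
import re
from collections import Counter

# Constructed excerpt in the HijackThis v1.99.1 layout of the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_hijackthis(text):
    """Return (running process paths, entries grouped by section code)."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()          # forum pastes are often indented
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False        # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries.setdefault(m.group(1), []).append(m.group(2))
    return processes, entries

def repeated_processes(processes, expected_multi=("svchost.exe",)):
    """Count image paths case-insensitively (Windows paths are) and return
    those seen more than once, skipping normally multi-instance images."""
    counts = Counter(p.lower() for p in processes)
    return {p: n for p, n in counts.items()
            if n > 1 and p.rsplit("\\", 1)[-1] not in expected_multi}

if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    print(repeated_processes(procs))
    print({code: len(items) for code, items in sorted(entries.items())})
```

The case-insensitive count matters here: the log lists the same iexplore.exe image under two different capitalisations, which a plain string comparison would treat as separate programs.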
     
  12. kf4wto

    kf4wto Topic Starter

    Bump

    This has been going on for a week now. One response per day is getting old. Is there a fix or do I need to format and spend 2 days re-installing?
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Gosh it's bothersome when the people I help don't realize that I volunteer to help out here and also have a life!

    Considering you came here after running a bunch of scans and deleting unknown entries, I thought I was helping you.

    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you've done.

    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    Click on 'Preferences'.
    Click on the 'Statistics/Logs' tab.
    Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad.
    Paste the Notepad file here in your reply
    ====================
  14. kf4wto

    kf4wto Topic Starter

    Last Post

    Gosh? It's bothersome to me when there is a website claiming to assist people that have smartasses claiming they are assisting people. Yes, I ran scans and did indeed fix other issues before making a post on this site. I am the owner of an IBM AS400 Consulting Company and have been programming IBM mainframes and mid-range systems for the last 27 years. In analyzing the problem, I noticed someone else had the exact same virus and figured I would be able to get a one reply solution since it was the same issue to the letter. For the past week we have gotten no place, so your so called "help" has gotten me nothing at all.

    Here is some advice, keep your day job! I won't be coming to this site again.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Running Superantispyware should help to remove the Tracking Cookies you appear to have.

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Wishing you the best for a Happy and Peaceful New Year!