Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 11:53:54 PM, on 5/1/2010
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\Bartshel.exe
C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\PPShared.exe
C:\Program Files (x86)\EarthLink Accelerated\propelac.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files (x86)\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\EARTHL~2\PRPL_I~1.DLL
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files (x86)\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Earthlink Protection BHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files (x86)\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files (x86)\EarthLink\ISP\ISP8200\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files (x86)\EarthLink Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\EarthLink Accelerated\pac-image.html
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
https://wimpro2.cce.hp.com/ChatEntry/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20) -
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Unknown owner - C:\Windows\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4058
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
5/2/2010 1:11:08 AM
mbam-log-2010-05-02 (01-11-08).txt
Scan type: Quick scan
Objects scanned: 113351
Time elapsed: 3 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
NO GMER LOG- was having problems
DDS (Ver_10-03-17.01) - NTFSX64
Run by Vanessia Thomas at 16:53:12.96 on Sun 05/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1051 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbtcoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\Bartshel.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\PPShared.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EarthLink Accelerated\propelac.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vanessia Thomas\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://search.earthlink.net
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files (x86)\earthlink\toolbar\ElnkPuB.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~2\earthl~2\PRPL_I~1.DLL
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files (x86)\earthlink\toolbar\ProtctIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files (x86)\earthlink\toolbar\uninsttb.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files (x86)\earthlink\toolbar\Toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [Bart Station] c:\program files (x86)\earthlink\isp\isp8200\bin\PPCOLink.exe -STATION
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Refresh Pa&ge with Full Quality - c:\program files (x86)\earthlink accelerated\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files (x86)\earthlink accelerated\pac-image.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: facebook.com\apps
Trusted Zone: yahoo.com\www
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
mRun-x64: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\x64\3\LXBTtime.dll,RunDLLEntry
mRun-x64: [lxbtmon.exe] "c:\program files (x86)\lexmark 5200 series\lxbtmon.exe"
mRun-x64: [EzPrint] "c:\program files (x86)\lexmark 5200 series\ezprint.exe"
============= SERVICES / DRIVERS ===============
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-13 135664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-25 1255736]
=============== Created Last 30 ================
2010-05-02 05:43:29 0 d-----w- c:\users\vaness~1\appdata\roaming\Malwarebytes
2010-05-02 05:43:20 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 05:43:20 0 d-----w- c:\programdata\Malwarebytes
2010-05-02 05:43:20 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-05-02 04:06:58 0 d-----w- c:\programdata\Recovery
2010-05-01 22:25:36 0 d-----w- c:\programdata\Sun
2010-05-01 21:29:22 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-01 21:29:22 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-01 21:29:22 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-01 21:29:22 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-01 08:27:15 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 07:42:30 0 d-----w- c:\users\vaness~1\appdata\roaming\IObit
2010-05-01 07:42:30 0 d-----w- c:\program files (x86)\IObit
2010-04-30 18:25:49 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-30 18:25:49 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-04-30 18:25:48 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-30 18:25:48 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-30 18:25:48 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-30 07:39:41 0 d-----w- c:\programdata\McAfee
2010-04-30 05:59:24 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-25 10:00:52 0 d-----w- c:\windows\syswow64\Wat
2010-04-25 10:00:52 0 d-----w- c:\windows\system32\Wat
2010-04-14 05:48:17 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 05:48:16 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-04-14 05:48:16 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-04-14 05:28:07 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 05:28:07 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 05:28:07 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 05:24:25 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 05:24:25 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-14 04:06:14 139264 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 04:06:14 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 04:04:58 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 04:04:58 172032 ----a-w- c:\windows\syswow64\wintrust.dll
==================== Find3M ====================
2010-03-18 03:20:56 0 ----a-w- c:\users\vaness~1\appdata\roaming\wklnhst.dat
2010-03-09 01:29:23 1685 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_AY028AA-ABA CQ5300Y_YC_0Pres_Q4CE002_EA1NAv6PrA3_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.55_T091208_WUH0_L409_M1791_J320_7AMD_8Sempron LE-1300_92.3_#_N10DE03EF_Z11C10630_G10DE03D0.MRK
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 16:53:25.51 ===============