Solved Wipe out all programs

Status
Not open for further replies.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_23.32.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-17 16:38 . 2011-04-17 16:38 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
- 2006-02-28 12:00 . 2010-12-20 23:08 44544 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 44544 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2011-04-16 06:39 67312 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2011-03-13 20:10 67312 c:\windows\system32\perfc009.dat
+ 2007-08-13 22:54 . 2011-02-17 19:00 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2010-12-20 23:08 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 27648 c:\windows\system32\jsproxy.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 22:39 . 2011-02-17 11:43 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2010-12-20 12:54 13824 c:\windows\system32\ieudinit.exe
- 2006-02-28 12:00 . 2010-12-20 23:08 44544 c:\windows\system32\iernonce.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 44544 c:\windows\system32\iernonce.dll
- 2006-02-28 12:00 . 2010-12-20 12:54 70656 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2011-02-17 11:43 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2011-02-17 19:00 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2010-12-20 23:08 63488 c:\windows\system32\icardie.dll
+ 2011-04-17 01:38 . 2010-06-17 18:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-02-28 12:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2006-02-28 12:00 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-05-04 02:23 . 2011-02-17 19:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-05-04 02:23 . 2010-12-20 23:08 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-05-04 02:23 . 2010-12-20 12:54 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-05-04 02:23 . 2011-02-17 11:43 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-02-28 12:00 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-02-28 12:00 . 2010-12-20 12:54 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2011-02-17 11:43 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-05-04 02:23 . 2010-12-20 23:08 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-05-04 02:23 . 2011-02-17 19:00 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2010-03-11 12:38 . 2011-02-17 19:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2010-03-11 12:38 . 2010-12-20 23:08 17408 c:\windows\system32\dllcache\corpol.dll
+ 2011-04-16 05:58 . 2011-04-16 05:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-30 23:05 . 2011-04-16 05:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-30 23:05 . 2011-03-30 05:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-16 05:58 . 2011-04-16 05:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-30 23:05 . 2011-03-30 05:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-01 19:48 . 2011-04-16 06:44 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2010-11-11 05:40 . 2010-11-11 05:40 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-04-16 06:36 . 2011-04-16 06:36 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-23 09:47 . 2010-09-23 09:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 08:03 . 2010-09-23 08:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-23 07:52 . 2010-09-23 07:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 23:12 . 2010-09-22 23:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2011-04-16 06:41 . 2010-12-20 23:08 44544 c:\windows\ie7updates\KB2497640-IE7\pngfilt.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 52224 c:\windows\ie7updates\KB2497640-IE7\msfeedsbs.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 27648 c:\windows\ie7updates\KB2497640-IE7\jsproxy.dll
+ 2011-04-16 06:41 . 2010-12-20 12:54 13824 c:\windows\ie7updates\KB2497640-IE7\ieudinit.exe
+ 2011-04-16 06:41 . 2010-12-20 23:08 44544 c:\windows\ie7updates\KB2497640-IE7\iernonce.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 78336 c:\windows\ie7updates\KB2497640-IE7\ieencode.dll
+ 2011-04-16 06:41 . 2010-12-20 12:54 70656 c:\windows\ie7updates\KB2497640-IE7\ie4uinit.exe
+ 2011-04-16 06:41 . 2010-12-20 23:08 63488 c:\windows\ie7updates\KB2497640-IE7\icardie.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 17408 c:\windows\ie7updates\KB2497640-IE7\corpol.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-16 06:42 . 2011-04-16 06:42 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-16 06:41 . 2011-04-16 06:41 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-17 15:24 . 2011-04-17 15:24 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-17 15:23 . 2011-04-17 15:23 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-05-01 19:48 . 2011-04-16 06:44 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-10-09 04:09 . 2010-10-09 04:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-09 04:09 . 2010-10-09 04:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 233472 c:\windows\system32\webcheck.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 233472 c:\windows\system32\webcheck.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 105984 c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 105984 c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2011-04-16 06:39 432356 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2011-03-13 20:10 432356 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-02-17 19:00 102912 c:\windows\system32\occache.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 102912 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2006-02-28 12:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 671232 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 671232 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 193024 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 193024 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 478208 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 478208 c:\windows\system32\mshtmled.dll
+ 2007-08-13 22:54 . 2011-02-17 19:00 468480 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2010-12-20 23:08 468480 c:\windows\system32\msfeeds.dll
+ 2006-02-28 12:00 . 2011-03-04 06:45 512000 c:\windows\system32\jscript.dll
- 2006-02-28 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2007-08-13 22:34 . 2010-12-20 23:08 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2011-02-17 19:00 268288 c:\windows\system32\iertutil.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 192512 c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 192512 c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 384512 c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 384512 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2011-02-17 19:00 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 16:27 . 2010-12-20 23:08 380928 c:\windows\system32\ieapfltr.dll
- 2006-02-28 12:00 . 2010-12-20 11:23 161792 c:\windows\system32\ieakui.dll
+ 2006-02-28 12:00 . 2011-02-14 12:15 161792 c:\windows\system32\ieakui.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 230400 c:\windows\system32\ieaksie.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 230400 c:\windows\system32\ieaksie.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 153088 c:\windows\system32\ieakeng.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 153088 c:\windows\system32\ieakeng.dll
- 2009-04-30 18:27 . 2011-02-12 14:10 133280 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-30 18:27 . 2011-04-17 00:15 133280 c:\windows\system32\FNTCACHE.DAT
- 2006-02-28 12:00 . 2010-12-20 23:08 133120 c:\windows\system32\extmgr.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 133120 c:\windows\system32\extmgr.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 214528 c:\windows\system32\dxtrans.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 214528 c:\windows\system32\dxtrans.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 347136 c:\windows\system32\dxtmsft.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 347136 c:\windows\system32\dxtmsft.dll
- 2006-02-28 12:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2006-02-28 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2006-02-28 12:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 832512 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 434176 c:\windows\system32\dllcache\vbscript.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 105984 c:\windows\system32\dllcache\url.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 105984 c:\windows\system32\dllcache\url.dll
+ 2009-05-04 00:14 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2006-02-28 12:00 . 2011-02-17 19:00 102912 c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 102912 c:\windows\system32\dllcache\occache.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 193024 c:\windows\system32\dllcache\msrating.dll
 
- 2006-02-28 12:00 . 2010-12-20 23:08 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-05-04 02:23 . 2011-02-17 19:00 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2009-05-04 02:23 . 2010-12-20 23:08 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-05-01 20:56 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-09-18 16:23 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-09-18 16:23 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-12 23:23 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2009-05-04 00:14 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-05-04 00:14 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-04-30 22:57 . 2011-02-14 12:17 634648 c:\windows\system32\dllcache\iexplore.exe
- 2009-04-30 22:57 . 2010-12-20 11:25 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2009-05-04 02:23 . 2011-02-17 19:00 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-05-04 02:23 . 2010-12-20 23:08 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 192512 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 192512 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-05-04 02:23 . 2011-02-17 19:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-05-04 02:23 . 2010-12-20 23:08 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-02-28 12:00 . 2011-02-14 12:15 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-02-28 12:00 . 2010-12-20 11:23 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-02-28 12:00 . 2011-02-17 19:00 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 124928 c:\windows\system32\advpack.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 124928 c:\windows\system32\advpack.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-05-01 19:48 . 2011-04-16 06:44 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-05-01 19:48 . 2011-04-16 06:44 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2009-05-01 19:48 . 2010-12-18 15:20 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2010-09-10 23:17 . 2010-09-10 23:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 01:41 . 2010-09-23 01:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-23 09:47 . 2010-09-23 09:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 23:04 . 2010-09-22 23:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-23 00:39 . 2010-09-23 00:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-22 23:50 . 2010-09-22 23:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-04-16 06:41 . 2010-12-20 23:08 832512 c:\windows\ie7updates\KB2497640-IE7\wininet.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 233472 c:\windows\ie7updates\KB2497640-IE7\webcheck.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 105984 c:\windows\ie7updates\KB2497640-IE7\url.dll
+ 2011-04-16 06:41 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2497640-IE7\spuninst\updspapi.dll
+ 2011-04-16 06:41 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2497640-IE7\spuninst\spuninst.exe
+ 2011-04-16 06:41 . 2010-12-20 23:08 102912 c:\windows\ie7updates\KB2497640-IE7\occache.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 671232 c:\windows\ie7updates\KB2497640-IE7\mstime.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 193024 c:\windows\ie7updates\KB2497640-IE7\msrating.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 478208 c:\windows\ie7updates\KB2497640-IE7\mshtmled.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 468480 c:\windows\ie7updates\KB2497640-IE7\msfeeds.dll
+ 2011-04-16 06:41 . 2010-12-20 11:25 634648 c:\windows\ie7updates\KB2497640-IE7\iexplore.exe
+ 2011-04-16 06:41 . 2010-12-20 23:08 268288 c:\windows\ie7updates\KB2497640-IE7\iertutil.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 192512 c:\windows\ie7updates\KB2497640-IE7\iepeers.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 384512 c:\windows\ie7updates\KB2497640-IE7\iedkcs32.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 380928 c:\windows\ie7updates\KB2497640-IE7\ieapfltr.dll
+ 2011-04-16 06:41 . 2010-12-20 11:23 161792 c:\windows\ie7updates\KB2497640-IE7\ieakui.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 230400 c:\windows\ie7updates\KB2497640-IE7\ieaksie.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 153088 c:\windows\ie7updates\KB2497640-IE7\ieakeng.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 133120 c:\windows\ie7updates\KB2497640-IE7\extmgr.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 214528 c:\windows\ie7updates\KB2497640-IE7\dxtrans.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 347136 c:\windows\ie7updates\KB2497640-IE7\dxtmsft.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 124928 c:\windows\ie7updates\KB2497640-IE7\advpack.dll
+ 2009-05-01 20:56 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-17 15:25 . 2011-04-17 15:25 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-16 06:46 . 2011-04-16 06:46 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 130048 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\849a957779eaa3b15eef6083f4c529ab\System.Web.Routing.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 554496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3a7b498f208d99f0cf46c151baf85127\System.Web.DynamicData.ni.dll
+ 2011-04-17 15:28 . 2011-04-17 15:28 153600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9929dc6cb8d32d638224b8cb3462f7\System.Web.Abstractions.ni.dll
+ 2011-04-17 15:28 . 2011-04-17 15:28 625664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d29018049be297db6698ac2c00668fb5\System.Transactions.ni.dll
+ 2011-04-17 15:28 . 2011-04-17 15:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-17 15:23 . 2011-04-17 15:23 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-17 15:23 . 2011-04-17 15:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-16 06:45 . 2011-04-16 06:45 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-17 15:26 . 2011-04-17 15:26 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-17 15:26 . 2011-04-17 15:26 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-17 15:26 . 2011-04-17 15:26 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-17 15:25 . 2011-04-17 15:25 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-16 06:43 . 2011-04-16 06:43 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-16 06:43 . 2011-04-16 06:43 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-16 06:43 . 2011-04-16 06:43 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-16 06:43 . 2011-04-16 06:43 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-17 15:25 . 2011-04-17 15:25 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-17 15:24 . 2011-04-17 15:24 376320 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\37d7285560d4637d8bc27e725543e5c6\ComSvcConfig.ni.exe
+ 2011-04-17 15:23 . 2011-04-17 15:23 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-16 00:55 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
- 2006-02-28 12:00 . 2010-12-20 23:08 1168384 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 1168384 c:\windows\system32\urlmon.dll
+ 2011-04-09 23:42 . 2011-04-17 00:46 3453100 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-28 12:00 . 2011-02-17 19:00 3607040 c:\windows\system32\mshtml.dll
- 2007-08-13 22:54 . 2010-12-20 23:08 6075904 c:\windows\system32\ieframe.dll
+ 2007-08-13 22:54 . 2011-02-17 19:00 6075904 c:\windows\system32\ieframe.dll
+ 2009-02-09 11:13 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
- 2006-02-28 12:00 . 2010-12-20 23:08 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2011-02-17 19:00 3607040 c:\windows\system32\dllcache\mshtml.dll
- 2009-05-04 02:23 . 2010-12-20 23:08 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2009-05-04 02:23 . 2011-02-17 19:00 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-11-21 03:34 . 2010-11-21 03:34 1198080 c:\windows\Installer\63d3a.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\63d32.msp
+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\63d2a.msp
+ 2010-12-09 19:25 . 2010-12-09 19:25 9625088 c:\windows\Installer\63d22.msp
+ 2011-02-25 18:25 . 2011-02-25 18:25 7968256 c:\windows\Installer\63d0e.msp
- 2011-01-27 03:51 . 2011-01-27 03:51 6382592 c:\windows\Installer\{C7B3E1FC-98A9-4276-B6A7-5141F4DA3B51}\hips_cc.msi
+ 2011-01-27 03:51 . 2011-04-12 03:15 6382592 c:\windows\Installer\{C7B3E1FC-98A9-4276-B6A7-5141F4DA3B51}\hips_cc.msi
+ 2010-09-22 23:05 . 2010-09-22 23:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-06-19 22:51 . 2010-06-19 22:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 1168384 c:\windows\ie7updates\KB2497640-IE7\urlmon.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 3606528 c:\windows\ie7updates\KB2497640-IE7\mshtml.dll
+ 2011-04-16 06:41 . 2010-12-20 23:08 6075904 c:\windows\ie7updates\KB2497640-IE7\ieframe.dll
+ 2011-04-16 06:41 . 2011-04-16 06:41 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-16 06:41 . 2011-04-16 06:41 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-17 15:30 . 2011-04-17 15:30 1838080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\148c01fe83bafd7044cd3ddd76cae184\System.Web.Services.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 2430464 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\31473e943bdf03e5021daa8613a8b87c\System.Web.Extensions.ni.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-17 15:28 . 2011-04-17 15:28 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-17 15:24 . 2011-04-17 15:24 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-16 06:45 . 2011-04-16 06:45 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-17 15:23 . 2011-04-17 15:23 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-16 06:45 . 2011-04-16 06:45 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-16 06:44 . 2011-04-16 06:44 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-17 15:26 . 2011-04-17 15:26 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-16 06:44 . 2011-04-16 06:44 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-17 15:26 . 2011-04-17 15:26 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-16 06:44 . 2011-04-16 06:44 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-16 06:44 . 2011-04-16 06:44 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-16 06:44 . 2011-04-16 06:44 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-16 06:41 . 2011-04-16 06:41 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-17 15:24 . 2011-04-17 15:24 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-17 15:25 . 2011-04-17 15:25 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-09 04:09 . 2010-10-09 04:09 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-16 06:39 . 2011-04-16 06:39 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-09 04:10 . 2010-10-09 04:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-16 06:38 . 2011-04-16 06:38 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-05-04 02:23 . 2011-04-16 06:29 39828936 c:\windows\system32\MRT.exe
+ 2011-01-18 01:36 . 2011-01-18 01:36 17520128 c:\windows\Installer\63d59.msp
+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\63d45.msp
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\2d9b20.msp
+ 2011-03-13 01:02 . 2011-03-13 01:02 15139328 c:\windows\Installer\2d9b1f.msp
+ 2010-09-23 08:03 . 2010-09-23 08:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2011-04-16 06:46 . 2011-04-16 06:46 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-17 15:29 . 2011-04-17 15:29 11799552 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\971b5904fb063a6d165e6e0fa4254fdd\System.Web.ni.dll
+ 2011-04-17 15:27 . 2011-04-17 15:27 17368064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\eb3a1bb66ce816af771fa8d859adadec\System.ServiceModel.ni.dll
+ 2011-04-17 15:24 . 2011-04-17 15:24 17368064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\16e0475ba4418cf543e8fa79b7bd277a\System.ServiceModel.ni.dll
+ 2011-04-16 06:45 . 2011-04-16 06:45 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-16 06:43 . 2011-04-16 06:43 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-16 06:42 . 2011-04-16 06:42 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-16 06:40 . 2011-04-16 06:40 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
.
 
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^On-Line Registration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\On-Line Registration.lnk
backup=c:\windows\pss\On-Line Registration.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerDVD Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerDVD Help.lnk
backup=c:\windows\pss\PowerDVD Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerDVD.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerDVD.lnk
backup=c:\windows\pss\PowerDVD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Readme.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Readme.lnk
backup=c:\windows\pss\Readme.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^System Diagnostic.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\System Diagnostic.lnk
backup=c:\windows\pss\System Diagnostic.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Uninstall PowerDVD.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Uninstall PowerDVD.lnk
backup=c:\windows\pss\Uninstall PowerDVD.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 01:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1273802316\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/16/2011 9:38 PM 135336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2010 5:19 PM 135664]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [4/30/2009 7:51 PM 3351]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 21:19]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 21:19]
.
2011-04-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2011-04-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1580436667-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-04-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1580436667-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-tyc7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxps://bp.cfdfl.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-17 12:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3384)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-17 12:48:28
ComboFix-quarantined-files.txt 2011-04-17 16:48
.
Pre-Run: 47,655,628,800 bytes free
Post-Run: 47,905,935,360 bytes free
.
- - End Of File - - B0F5EF1C8A62A9F6CA3CAB39A68EC506
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6378

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/17/2011 11:57:44 AM
mbam-log-2011-04-17 (11-57-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 210292
Time elapsed: 44 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\application data\Sun\Java\deployment\cache\6.0\57\443dc1b9-74179f9f (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP219\A0167477.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP220\A0167535.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP220\A0167536.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP221\A0167770.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP222\A0168922.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP222\A0168923.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
What I did wrong was a different system restore to this past Thursday 4/14/11 to get rid of windows restore virus
Click to expand...
Are these entries what you are referring to when you say "The programs that I ran to get rid of the "windows restore virus"?
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP219\A0167477.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP220\A0167535.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP220\A0167536.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP221\A0167770.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP222\A0168922.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{65de9849-3b5d-461c-a8de-19fdd5228f58}\RP222\A0168923.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Click to expand...

I think maybe you don't understand these entries: All of the entries above are for System Restore points. When each restore point was set, there was malware in it-but- as long as it is only here, it is not active in the system and can only harm the system is one of the infected restore points is used. The Restore points 219 through 222 were infected.

The Restore Point I gave you was the latest one available at that point- RP 207. and right before you started the logs. The ones above were after that. So when you restores to a later restore point, you put the malware back into the system.
At the end of cleaning, I have you set a new, clean restore point and drop all of the old ones. But we keep the restore points while cleaning because sometimes, malware can so corrupt the system, that the only way back in is through a restore point.
====================================
There is one new entry and it's in the Java cache.

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
    5000020301.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    5000020303.jpg

    There are three options on this window to clear the cache.Check all.
  • . Delete Files
  • .View Applications
  • .View Applets
    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
     [6]. Click Apply> OK on Temporary Files Settings window.
Note: Depending on the version of Java you have, the Delete screen may be slightly different. It may only require you to click Delete. Period.
=====================================
I suggest you remove these sites from the Trusted Zone. They were likely put there by the computer manufacturer. Nothing needs to be in the Trusted Zone. The security settings are lower in that zone and the system is at more risk:
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
All 3 of these are actually the same domain.
======================================
This Virus deleted my IE fav, redirected my google sarch and left a IE script error on my PC that will not go away.
Click to expand...
No, it didn't. It made you think the program and Favorites were gone. It made you think you had to click on their site to fix all the rogue alerts it put out.

The script error was most likely caused by this entry:
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxps://bp.cfdfl.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
Click to expand...
MBFWebBehaviors.cab isn't malware or spyware. It contains the script behaviors that are needed by the web parts in Business Portal. Please review the information on the following site and apply what is appropriate for you:
http://www.ms-news.net/f1610/re-add-users-to-the-business-portal-site-8349224.html
=======================================
I'm reviewing the Combofix log now and will be back in a few minutes with script to run if needed.
 
It bothers me a lot when someone wants help to clean malware from their system, then goes ahead and installs 3 file sharing programs!
c:\program files\BearShare Applications
c:\program files\FrostWire
c:\program files\iMesh Applications
P2P or 'file sharing Warning:
Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
=========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
KillAll::
File::
Folder::
c:\program files\BearShare Applications
c:\program files\FrostWire
c:\program files\iMesh Applications
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=-
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^On-Line Registration.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Readme.lnk]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Run this last scan please and we will be finished:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
ComboFix 11-04-16.03 - Owner 04/17/2011 21:19:03.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.684 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BearShare Applications
c:\program files\FrostWire
c:\program files\FrostWire\aopalliance.jar
c:\program files\FrostWire\clink.jar
c:\program files\FrostWire\commons-codec-1.3.jar
c:\program files\FrostWire\commons-logging.jar
c:\program files\FrostWire\daap.jar
c:\program files\FrostWire\forms.jar
c:\program files\FrostWire\foxtrot.jar
c:\program files\FrostWire\FrostWire.exe
c:\program files\FrostWire\FrostWire.jar
c:\program files\FrostWire\gettext-commons.jar
c:\program files\FrostWire\gson-1.4.jar
c:\program files\FrostWire\guice-1.0.jar
c:\program files\FrostWire\httpclient-4.0.jar
c:\program files\FrostWire\httpcore-4.0.1.jar
c:\program files\FrostWire\httpcore-nio-4.0.1.jar
c:\program files\FrostWire\icu4j.jar
c:\program files\FrostWire\jaudiotagger.jar
c:\program files\FrostWire\jcip-annotations.jar
c:\program files\FrostWire\jcraft.jar
c:\program files\FrostWire\jdic.dll
c:\program files\FrostWire\jdic.jar
c:\program files\FrostWire\jdic_stub.jar
c:\program files\FrostWire\jflac.jar
c:\program files\FrostWire\jl.jar
c:\program files\FrostWire\jmdns.jar
c:\program files\FrostWire\log4j.jar
c:\program files\FrostWire\looks.jar
c:\program files\FrostWire\lw-azureus.jar
c:\program files\FrostWire\lw-collection.jar
c:\program files\FrostWire\lw-common.jar
c:\program files\FrostWire\lw-http.jar
c:\program files\FrostWire\lw-io.jar
c:\program files\FrostWire\lw-mojito.jar
c:\program files\FrostWire\lw-net.jar
c:\program files\FrostWire\lw-nio.jar
c:\program files\FrostWire\lw-resources.jar
c:\program files\FrostWire\lw-rudp.jar
c:\program files\FrostWire\lw-security.jar
c:\program files\FrostWire\lw-setting.jar
c:\program files\FrostWire\lw-statistic.jar
c:\program files\FrostWire\messages.jar
c:\program files\FrostWire\mp3spi.jar
c:\program files\FrostWire\onion-common.jar
c:\program files\FrostWire\onion-fec.jar
c:\program files\FrostWire\ProgressTabs.jar
c:\program files\FrostWire\splash.jar
c:\program files\FrostWire\SystemUtilities.dll
c:\program files\FrostWire\themes.jar
c:\program files\FrostWire\tritonus.jar
c:\program files\FrostWire\vorbisspi.jar
c:\program files\iMesh Applications
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-17 01:38 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-17 01:38 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-17 01:38 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-17 01:38 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-17 01:38 . 2011-04-17 01:38 -------- d-----w- c:\program files\Avira
2011-04-17 01:38 . 2011-04-17 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-17 01:29 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 06:20 . 2011-04-16 06:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-13 01:12 . 2011-04-13 01:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-04-12 03:14 . 2011-04-17 01:38 -------- d-----w- c:\program files\CA
2011-04-12 03:05 . 2011-04-12 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-03-31 21:55 . 2011-03-31 21:55 -------- d-----w- c:\program files\ESET
2011-03-30 21:37 . 2011-03-30 21:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-03-30 21:37 . 2011-03-30 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-30 21:37 . 2011-04-17 01:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 05:33 . 2011-04-16 06:20 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 03:17 . 2011-01-27 03:50 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-04-12 03:17 . 2011-01-27 03:50 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-03-07 05:33 . 2009-04-30 22:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2006-02-28 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2006-02-28 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-04 00:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-02-28 12:00 389120 ------w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2009-04-30 22:56 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-04-30 22:56 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^On-Line Registration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\On-Line Registration.lnk
backup=c:\windows\pss\On-Line Registration.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerDVD Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerDVD Help.lnk
backup=c:\windows\pss\PowerDVD Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerDVD.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerDVD.lnk
backup=c:\windows\pss\PowerDVD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Readme.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Readme.lnk
backup=c:\windows\pss\Readme.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^System Diagnostic.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\System Diagnostic.lnk
backup=c:\windows\pss\System Diagnostic.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Uninstall PowerDVD.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Uninstall PowerDVD.lnk
backup=c:\windows\pss\Uninstall PowerDVD.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 01:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1273802316\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/16/2011 9:38 PM 135336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2010 5:19 PM 135664]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [4/30/2009 7:51 PM 3351]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 21:19]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 21:19]
.
2011-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1580436667-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1580436667-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-tyc7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxps://bp.cfdfl.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-17 21:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(428)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2011-04-17 21:40:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-18 01:40
ComboFix2.txt 2011-04-17 16:48
.
Pre-Run: 48,150,261,760 bytes free
Post-Run: 48,196,259,840 bytes free
.
- - End Of File - - 931464C1CA93049495160C34F290FE92
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:13 PM, on 4/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://bp.cfdfl.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8229 bytes
 
Thanks for the info regarding P2P Sharing. Guess I will stick with Itune :). Also My IE fav are still missing or invisible :confused:
 
I can't do anything with HijackThis because you put it in a temporary file instead of creating the directory.

If your Favorites is empty, and not displaying any shortcuts, the first thing you should check is that you’re logged into your User Account. Click the Start button, and then choose “Log off” (or “Switch User”, depending) and verify that you are indeed logged into your user profile (and not Guest or Admin..).

If this is not the issue, navigate to the folder that contains the shortcuts list– this is called “Favorites”, and it’s located in your User folder. In XP, your User folder is in the Documents and Setting folder, so your path is c:\Documents and Settings\User*.

Or, you have never exported and haven’t backed up your files and folders.. well, here is where you can try System Restore to revert your computer to an earlier date. System Restore does not restore deleted files, but it does store User Account information, and so you may have luck this way.
Source: Paul at WordPress.
 
Ok Bobye, what do I do with highjackthis? it's on my desktop. how do I create the directory that you need? and what else? is my system ok for now?
 
You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues:

Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder

  1. 1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

    2. Download HijackThis to the new folder:

    3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

    4. Close ALL windows except HJT

    5. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

    6. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
Please make sure you post the entire log including the top portion:

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Go ahead and do the above. I'll be back later with script and HJT. My internet has been down for last 14 hours and I'm behind..
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:23 PM, on 4/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://bp.cfdfl.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8497 bytes
 
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe
Click to expand...

Still in temporary directory. The instruction was:
open your C:\ drive, Select: New >> Folder and name the folder HJT.
That means the directory for HijackThis would show as C:\HJT with no 'temp' or 'temporary' in the file path.

Although these entries show 'no file', if the program and the program folder had been removed, they would not show at all:
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
These entries are for:
Name: Search Toolbar> Toolbar hailing from zugo.com, bundled with various third party applications
Filename: SearchToolbar.dll
Location: C:\Program Files\search toolbar
Click to expand...

So you need to look in Add/Remove Program, look on the Startup menu and use Windows explorer to go to My computer: Double click on Local Drive(C)> Programs. Look for any folder with any of the names above. If you find any> do a right click> Delete on each.

The following should be removed from the Trusted Zone:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw

Please tell me what, if any problems related to the malware remain.
 
I clean out my search toolbar and the trusted zone. I deleted and re-download highjackthis

Newlog:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:02 PM, on 4/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://bp.cfdfl.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8387 bytes
 
Give the following a try- if it doesn't work, don't worry about it. The sites are legitimate and the only real reason people complain about them is because they didn't put the domain in that zone and can't delete it!

1. Make sure you blocked these domains:
*.msi.com
*.com.tw

Open IE> Tools> Manage Addons> Active X entries will show on the right side> look for add on from company "Micro-star Int'l Co. Ltd" > Click on it to highlight> Double click then click on the Remove button on the left.

Go to Add/Remove Programs in the Control Panel> Highlight and uninstall MSI entry if seen
Use Windows Explorer to remove Program folder:
Right click on Taskbar> Explore> My Computer> Double click on Local Drive (C)> Programs> Look for the MSI folder> do a right click> Delete to remove.

From what I read, this may not keep the sites off. A Registry entry may be required, but I don't send anyone to do that.
========================================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 
Hi bobye, uhm... "Removing all of the tools we used and the files and folders they created". Why am I doing this? I've never question you before--I'm just curious why we are deleting everything we have done? did you see anything suspicious on the highjackthis log. :confused:

let me know when to proceed. :D
 
Removing these programs and logs won't "delete everything we've done".. The links we give are not meant for permanent program on the system. The programs we used and the logs they produced are tools> when you finish 'remodeling', you put away the tools, do you not?
As to why you're doing this> that's an easy one. You don't need the programs and logs taking up hard drive 'space' and you don't want a program running in the background that's no longer needed.

I addressed the HijackThis log in Reply #39.

The system is clean. Here are some tips to keep it that way.
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o]Antivirus :(only one):Both of the following programs are free and known to be good:
    [o]Avira-AntiVir-Personal-Free-Antivirus
    [o] [o]Avast-Free Antivirus
    [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o]Comodo
    [o]Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o]Spybot Search & Destroy
  4. Updates: Stay current:
    [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
    [o]Adobe Reader Install current, uninstall old.
    [o]Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.

Let me know if you have any more questions.
 
Thanks for all your help Bobye :)

"o]Spybot Search & Destroy" froze 2x when I try to download it. that's the only one I had trouble with.

"[o] Safe Settings
[o] ZonedOut. This manages the Zones in Internet Explorer."

for those 2 above, I download them but I got confuse on how to use them. So I have not run the programs yet.

Safe setting website stated I have to open the "Open the Registry Editor and navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2." That's where I got lost.

ZoneOut-- do I extract all the internet eplorer?
what's the purpose of the host File? does it keep track of all my files?

Sorry I just got confuse with some of sites.

Everything else when through fine. one more thing my system seem to move a little slower after all the download. How do I make my IE run faster?
 
Thank you for pointing these things out. I have added this to the Safe Settings section: (Please ignore the section titled "Creating a Custom Security Zone" which involves using the Registry Editor)

FYI: The suggestion I gave have security programs and/io settings you might not be aware of. You do not have to use them> although all would be an asset to the security of the system. It may be 'weak' in a particular area and this gives you choices to address that.

For full description of and directions for using ZonedOut see http://www.bleepingcomputer.com/forums/topic45807.html

The link for Spybot Search & Destroy appears to be good: https://www.techspot.com/downloads/5-spybot-search-and-destroy.html[/b] At what point did the system freeze? Was there any error message?

Regarding the Safe Settings topic, (Please ignore the section titled "Creating a Custom Security Zone" which involves using the Registry Editor)
==========================================
To help speed up your computer remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    msconfig_open_xp.gif
  • Click on Selective Startup
  • Choose the Startup tab:
    startup_tab_xp.gif

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck these processes:
    Reader\reader_sl.exe
    hpwuSchd2.exe (HP update)
    SearchProtection.exe (from Yahoo)
    HP Digital Imaging Monitor
    Microsoft Office
    On-Line Registration
    PowerDVD Help
    PowerDVD
    Readme (Realtek)
    Uninstall PowerDVD
    NoteL You can uncheck all HP processes, all CyberLink/Power DVD processes, all Adobe Reader and Java processes
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.

This does not uninstall these programs, just stops them from automatically starting on boot and running in the background. To access any of the programs when needed go through All Programs. And for the printing/imaging, you can also click on File> Print.
 
Reader\reader_sl.exe
hpwuSchd2.exe (HP update)
SearchProtection.exe (from Yahoo)
HP Digital Imaging Monitor
Microsoft Office
On-Line Registration
PowerDVD Help
PowerDVD
Readme (Realtek)
Uninstall PowerDVD
Those were already uncheck Ha Ha--- there was no need-- I guess I have a slow system.

I'm not sure what I did-- but when I log into my yahoo e-mail or log on to places like monsterjob, careerbuilder or my school webpage-- these site usually have adversiting on the page (safe ones :) )-- but since I download some of the sites i'm not sure what I block -- but I receive "internet explorer cannot display webpage." instead of the ususal advertising on the background.

what did I do?
 
I'm not sure I understand you. Are you now missing ads you use to get?

but I receive "internet explorer cannot display webpage." instead of the ususal advertising on the background.
Click to expand...
The only domains we touched on were these:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw

Not getting an ad wouldn't cause the 'IE can't display page' message. If this occasionally? Always the same site? Is there any suggestion being given to "fix" it? What?

Even if you had specific ad blocking program like AdBlockPlus on Firefox, only the ad would be blocked, not the page.
 
I could not touch the trusted zone. Remmember they could not be rmove?
It could be one of the security browser--I don't know. Maybe I block something. Adobe reader and Java is update. Those background advertisement are from Java right?

If this occasionally? Always the same site?
Click to expand...
it always the site-- for example-- when I log in to read my yahoo mail or school website ( I go to troy) or even yahoo gossip site "OMG"-- on the right or left side there is usually advertisment about getting loan for school, SS# retirement, career builder jobs available, how to loose weight blah blah etc... now I receive internet explorer cannot display webpage

Is there any suggestion being given to "fix" it? What?
Click to expand...

Diagnose Connection Problems
This problem can be caused by a variety of issues, including:
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
 
Do a disc cleanup to include deleting the temporary internet files, Cookies. Run the Error Checking, do a defrag. Check all your browser setting to make sure they haven't been changed. IF the site is secure, make sure that SSL 2., SSL 3.0 and TLS 1.0 are checked in the browser:
Control Panel> Internet Options> Advanced tab> Security section> all three should be checked.

Firefox> Tools> Options> Advanced> Encryption> check both SSL 3.0 and TLS 1.0.

IF you are using shortcuts you've saved such as on the desktop or Favorites/Bookmarks, create a new one by typing the URL in and saving it once it loads.

The reasons you gave are all legitimate site loading problems. If you did this in Post #44, #1:
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy ListI
Click to expand...
This part is called the IFrame:
on the right or left side there is usually advertisment about getting loan for school, SS# retirement, career builder jobs available, how to loose weight blah blah etc...
Click to expand...
But it would not block the site itself.
Iframe
iframe is an HTML tag that is used to place a "frame", often a picture or graphic, inside of a normal HTML document. iframe was first introduced by Microsoft Internet Explorer and was only available in that browser for a long time but is now supported by almost all visual browsers. The content between the iframe tags will be displayed if the iframe itself is not supported.
Click to expand...
If it is only happening to one or two specific sites, consider a server problem on the site or possibly being down for maintenance.

It is not being caused by malware or anything we did to remove the malware. Please contact either or both your ISP and send email to webmaster@the site name.com.
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
388
Fastturtle
F
Cal Jeffrey
Out of Japan: This ultra-low-end 1-bit DIY "computer" sold out immediately after launch
Replies
10
Views
377
Cal Jeffrey
Cal Jeffrey
D
Windows 11 23H2 update starts rolling out with Copilot AI, redesigned File Explorer, and...
Replies
18
Views
763
mgilbert
M

Latest posts

Back