Solved Google redirect and tdsskiller won't run

Status
Not open for further replies.
K

kf4wto

I have the Exact issue as https://www.techspot.com/vb/topic159112.html

I have two iexplore.exe process running, which is not normal since I don't use iexplore.exe. After trying to remove them, they came back immediately. I even went as far as removing internet explorer to see if that did the trick. Each time the iexplore.exe executable was copied back into the folder and the processes ran again. Looking at the process in detail, it looks like it refers to www.clickleg.org and a few others.

TDSSKiller does'nt start even when I attempt to rename it. I was able to run hackthis, dds, and a few others to generate logs but I haven't found anything that sticks out. Judging by the previous topic, Combofix fixed the problem but did not for me. Over the past couple of days I ran Malwarebytes (which did find lots of issues and corrected them), Combofix, Ccleaner, ATFCleaner, exctrlst. None of these fixed the problem. I noticed in History (without opening a website it comes up with clickleg.org, clickmultimedia, searchtart, search.us.bookmarks.com and cpcadnet. These show up in the today history seconds after I delete them. The two iexplore.exe running in task manager is doing it somehow. Thank you for any assistance you can provide.

Added note: I have also turned off system restore and uninstalled AVG for purposes of fixing this issue.
 
Welcome to TechSpot! I'll help with the problem, but first have to get you away from a bad start.

Turn your antivirus back on. Do not disable it unless a scan tells you specifically to do so. You leave the system vulnerable with no AV running.

1. Turning System Restore off was a mistake. Sometimes, a system will become unstable and the only way to get into it is by using the SR. So we don't remove the restore points until after the system is clean.

2. While you thing you may have the 'exact issue' as someone else, the help given to that person is for use only by that person. You don't pick out program to try out.

3. If you have IE8, it is perfectly normal to have two or more iexplore.exe processes.
==========================================
Where you need to start:

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Then you wait for me to review the logs. Please uninstall or disable the programs you downloaded trying to fix this on your own. I will give you the appropriate links and instructions for further scans as needed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Update

I installed and ran recommended Avira Anti-Virus, then ran a full scan. At the time it did not find anything, but during the other requested processes Avira came up with the following that I took the quarantine option:
Begin scan in 'C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll'
C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll
[DETECTION] Contains virus patterns of Adware ADWARE/FunWeb.GQ.4

Beginning disinfection:
C:\Program Files\iWonEI\Installr\1.bin\jfEZSETP.dll
[DETECTION] Contains virus patterns of Adware ADWARE/FunWeb.GQ.4
[NOTE] The file was moved to the quarantine directory under the name '4f5dd1ed.qua'.

Installed and ran TFC.
Installed, updated and ran MBAM and received the following log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5475

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/7/2011 2:37:54 PM
mbam-log-2011-01-07 (14-37-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 207336
Time elapsed: 32 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Installed and ran GMER and received the following log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-07 14:42:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3750640A rev.3.AAE
Running: khe0ofqr.exe; Driver: C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\fxtdapob.sys


---- Threads - GMER 1.0.15 ----

Thread System [4:124] 872F453C
Thread System [4:128] 872F652D

---- EOF - GMER 1.0.15 ----

Installed and ran D.D.S. and received the following DDS/ATTACH:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Larry Williams at 14:45:49.04 on Fri 01/07/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.548 [GMT -6:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larry Williams\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-system: zwxinptvxqkymmzwdbdiTaskMgr = 0 (0x0)
Trusted Zone: aol.com\free
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\larryw~1\applic~1\mozilla\firefox\profiles\wh9rbfaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-7 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-7 61960]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-14 91830]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]

=============== Created Last 30 ================

2011-01-07 20:19:02 -------- d-----w- c:\docume~1\larryw~1\applic~1\Avira
2011-01-07 19:54:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:54:49 -------- d-----w- c:\program files\Avira
2011-01-07 19:54:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-01-07 15:45:44 -------- d-----w- c:\program files\ESET
2011-01-07 13:22:34 -------- d--h--w- c:\windows\PIF
2011-01-07 11:26:50 -------- d-----w- C:\ComboFix
2011-01-06 14:39:21 -------- d-sha-r- C:\cmdcons
2011-01-06 14:21:48 98816 ----a-w- c:\windows\sed.exe
2011-01-06 14:21:48 89088 ----a-w- c:\windows\MBR.exe
2011-01-06 14:21:48 256512 ----a-w- c:\windows\PEV.exe
2011-01-06 14:21:48 161792 ----a-w- c:\windows\SWREG.exe
2011-01-05 18:18:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 18:18:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 18:18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-25 03:01:23 -------- d-----w- c:\program files\Microsoft IntelliType Pro

==================== Find3M ====================

2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-10-21 12:12:30 389120 ----a-w- c:\windows\system32\html.iec

============= FINISH: 14:51:58.40 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2008 1:09:35 PM
System Uptime: 1/7/2011 2:02:37 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 674.328 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat Reader 3.02
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Alarm 2.0.4
Apple Application Support
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATI Problem Report Wizard
Avira AntiVir Personal - Free Antivirus
B57Inst
BCM V.92 56K Modem
BlueVoda Website Builder 10.2
Broadcom Driver Installer
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon MP190 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Spanish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Corel Applications
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
Creative WebCam Live! Driver (1.01.01.0730)
Creative WebCam Live! User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
Cross Fire En
eFax Messenger 4.3
ESET Online Scanner v3
EverQuest II Extended
Flash Slideshow Maker Pro 4.88
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Inkjet Printer/Scanner Extended Survey Program
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Ipswitch WS_FTP Professional 2007
Jasc Paint Shop Pro 8
Java Auto Updater
Java(TM) 6 Update 21
Magic DVD Ripper V5.5.0
Malwarebytes' Anti-Malware
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 7.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mocha W32 TN5250
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Musicnotes Software Suite 1.5.1
Netscape (7.2)
PokerStars
QuickBooks 2000
ReaConverter 5.5 Pro
RealPlayer
RealUpgrade 1.0
Retrospect Express HD 1.0
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skins
SmartDraw 6
Sonic CinePlayer DVD Pack
Sound Blaster X-Fi
Sounds Best On Sound Blaster
StormPredator 3.01
StormPredator 3.26
StormPredator 3.3
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (MXO)
WebFldrs XP
Windows Driver Package - KeyScan Image (11/01/2009 8.00.03)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/7/2011 8:50:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:50:07 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 8:49:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2011 7:05:19 AM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 0007E9E9E944 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
1/7/2011 6:53:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
1/7/2011 6:53:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 5:36:17 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 1:53:28 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/7/2011 1:53:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
1/7/2011 1:53:28 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/6/2011 2:31:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================

Downloaded and Installed all Windows Security and Critical updates. 81 Updates 15 failed. Deleted, downloaded and installed new Java and Adobe.

During all of these processes and current, I keep receiving a pop-up error stating "Internet Explorer Has Encountered an Error. This is popping up every couple of minutes. The error it is showing is:
C:\DOCUME~1\LARRYW~1\LOCALS~1\Temp\20db_appcompat.txt

I do not have IE8 installed and the IE7 I do have installed I never use except for updates. I use Firefox for my browser and every time I open Firefox I receive "Firefox is not currently set as your default browser. Would you like to make it your default browser?" and take the "yes" option.

Thank you again for your assistance.
 
Kind of hard to know where to start here! First, you were not required to install Avira. These directions say "if you don't have an antivirus...." and we then give 2 recommendations.
===============================================
You've already got Eset on the system. Please update and run a new scan. Paste log in next reply.
=============================================
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
===========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===============================================
Please do not do any other installs or uninstalls unless I instruct you to and>>>>
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
=============================================
I'm going to start fresh here. As for Firefox being the default:
Open Firefox> tools> Options> Advanced tab> System Defaults> Check Always check to see if Firefox is the Default After you have finished saying Yes to the default>>>>>>

Open Internet Connections in either the Control Panel or IE Tools>Programs tab> Uncheck IIE should check if it's the default browser> Click on Apply> OK.
That should fix it. IE is very pushy and if you don't have that unchecked, you'll get hassled.
 
update

I ran Eset but since it found nothing it did not produce any kind of log or report. I do set Firefox as my default and it stays that way for a few minutes until that Iexplore.exe error pops up and then it will default back to IE as the default. Whatever the virus is that I have which forwards my google links is effecting this as well.

I uninstalled and downloaded combofix. It ran and produced the following log:
I have to split it into Three replies though since it is longer than 50k.

=========================================================
ComboFix 11-01-10.04 - Larry Williams 01/10/2011 12:43:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.596 [GMT -6:00]
Running from: c:\documents and settings\Larry Williams\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-08 07:25 . 2011-01-08 07:25 -------- d-----w- c:\documents and settings\Larry Williams\Local Settings\Application Data\Temp
2011-01-07 22:29 . 2011-01-07 22:29 -------- d-----w- c:\program files\Common Files\Java
2011-01-07 22:29 . 2011-01-07 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 22:28 . 2011-01-07 22:28 -------- d-----w- c:\program files\Java
2011-01-07 22:22 . 2011-01-07 22:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-07 21:31 . 2011-01-10 00:25 -------- d-----w- c:\windows\system32\NtmsData
2011-01-07 21:09 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-07 21:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-07 21:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-07 21:07 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-07 21:05 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-07 21:02 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-07 21:02 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-07 21:01 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-07 21:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-07 20:57 . 2010-07-12 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-07 20:57 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-07 20:19 . 2011-01-07 20:19 -------- d-----w- c:\documents and settings\Larry Williams\Application Data\Avira
2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\program files\Avira
2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-07 19:54 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:54 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-07 19:54 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-07 19:54 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-07 15:45 . 2011-01-07 15:45 -------- d-----w- c:\program files\ESET
2011-01-07 13:22 . 2011-01-07 13:22 -------- d--h--w- c:\windows\PIF
2011-01-05 18:18 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 18:18 . 2011-01-07 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 18:18 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 03:01 . 2010-12-25 03:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 22:28 . 2010-09-18 10:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2009-10-13 13:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-10-21 12:12 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-01-06_15.11.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2004-08-04 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-04 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2004-08-04 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2010-03-31 06:16 . 2010-03-31 06:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2011-01-07 21:26 71176 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-07 22:19 71176 c:\windows\system32\perfc009.dat
+ 2009-11-07 07:07 . 2009-11-07 07:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2008-02-14 19:04 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2008-02-14 19:04 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2004-08-04 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 12:00 . 2007-08-14 00:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 12:00 . 2007-08-14 00:32 45568 c:\windows\system32\mshta.exe
- 2004-08-04 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 00:36 . 2007-08-14 00:36 12288 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 00:54 . 2010-11-06 00:34 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-02-14 19:04 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2008-02-14 19:04 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2004-08-04 12:00 . 2007-08-14 00:44 40960 c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 12:00 . 2007-08-14 00:39 92672 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2007-08-14 00:36 36352 c:\windows\system32\imgutil.dll
+ 2007-08-14 00:39 . 2010-10-21 12:11 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2007-08-14 00:39 55296 c:\windows\system32\iesetup.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2010-11-03 12:24 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2004-08-04 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2007-08-14 00:36 . 2010-11-06 00:34 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2011-01-07 19:54 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-04 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2004-08-04 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
- 2004-08-04 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-02-15 11:24 . 2010-11-06 00:34 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-04 12:00 . 2007-08-14 00:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-08-04 12:00 . 2010-11-06 00:34 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-04 12:00 . 2007-08-14 00:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2007-08-14 00:36 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2008-02-15 11:24 . 2010-10-21 12:11 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2008-02-15 11:24 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2007-08-14 00:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-14 00:45 . 2010-11-06 00:34 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2010-11-03 12:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-02-15 11:24 . 2010-11-06 00:34 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-02-14 19:05 . 2007-08-14 00:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2007-08-14 00:42 . 2010-11-06 00:34 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 12:00 . 2007-08-14 00:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
- 2011-01-05 00:09 . 2011-01-06 14:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-07 20:08 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-02-14 19:10 . 2011-01-06 14:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-02-14 19:10 . 2011-01-06 14:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 12:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
+ 2004-08-04 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2004-08-04 12:00 . 2007-08-14 00:39 71680 c:\windows\system32\admparse.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 11:31 . 2010-03-23 11:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2011-01-07 22:22 . 2011-01-07 22:22 28160 c:\windows\Installer\2dff8e.msi
+ 2011-01-07 21:13 . 2011-01-07 21:13 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2011-01-07 15:08 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2011-01-07 15:08 . 2007-08-14 00:39 13312 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2011-01-07 15:08 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2011-01-07 15:08 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2011-01-07 15:08 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2011-01-07 15:08 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2011-01-07 15:08 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 52224 c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 27648 c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll
+ 2011-01-07 15:09 . 2010-08-31 12:09 13824 c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe
+ 2011-01-07 15:09 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\iernonce.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 78336 c:\windows\ie7updates\KB2416400-IE7\ieencode.dll
+ 2011-01-07 15:09 . 2010-09-08 15:57 70656 c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe
+ 2011-01-07 15:09 . 2010-09-09 13:38 63488 c:\windows\ie7updates\KB2416400-IE7\icardie.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 17408 c:\windows\ie7updates\KB2416400-IE7\corpol.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll
+ 2011-01-07 15:09 . 2010-04-16 13:24 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe
+ 2011-01-07 15:09 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll
+ 2011-01-07 15:09 . 2010-04-16 13:24 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe
+ 2011-01-07 15:09 . 2010-05-04 17:20 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2011-01-07 21:28 . 2011-01-07 21:28 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2011-01-07 21:28 . 2011-01-07 21:28 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-01-07 21:17 . 2011-01-07 21:17 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-04-08 10:34 . 2009-04-08 10:34 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-01-07 21:10 . 2008-04-14 00:12 56320 c:\windows\$NtUninstallKB959426$\secur32.dll
+ 2011-01-07 21:10 . 2008-04-14 00:12 91648 c:\windows\$NtUninstallKB952004$\mtxoci.dll
+ 2011-01-07 21:10 . 2008-04-14 00:12 66560 c:\windows\$NtUninstallKB952004$\mtxclu.dll
+ 2011-01-07 21:10 . 2008-04-14 00:11 58880 c:\windows\$NtUninstallKB952004$\msdtclog.dll
+ 2011-01-07 15:07 . 2005-10-12 23:12 14048 c:\windows\$NtUninstallKB915865$\spmsg.dll
+ 2011-01-07 15:07 . 2005-10-12 23:12 22752 c:\windows\$NtUninstallKB915865$\spcustom.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB959426\update\spcustom.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB959426\spmsg.dll
+ 2009-02-04 09:12 . 2009-02-04 09:12 56832 c:\windows\$hf_mig$\KB959426\SP3QFE\secur32.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952004\spmsg.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll
+ 2011-01-07 21:10 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB923561\update\spcustom.dll
+ 2011-01-07 21:10 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB923561\spmsg.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-04-08 10:37 . 2009-04-08 10:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-04-08 10:36 . 2009-04-08 10:36 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-01-07 20:57 . 2008-05-03 11:55 2560 c:\windows\$hf_mig$\KB923561\SP3QFE\xpsp4res.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-02-15 11:23 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
- 2008-02-15 11:23 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
+ 2008-02-14 19:05 . 2009-08-07 01:23 209624 c:\windows\system32\wuweb.dll
- 2008-02-14 19:05 . 2009-08-07 00:23 209624 c:\windows\system32\wuweb.dll
+ 2004-08-04 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-04 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2004-08-04 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2007-08-14 00:45 . 2007-08-14 00:45 206336 c:\windows\system32\winfxdocobj.exe
+ 2004-08-04 12:00 . 2010-11-06 00:34 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2010-03-31 06:10 . 2010-03-31 06:10 295264 c:\windows\system32\PresentationHost.exe
+ 2004-08-04 12:00 . 2011-01-07 21:26 441432 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-07 22:19 441432 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-11-06 00:34 102912 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-04 12:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-04 12:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 193024 c:\windows\system32\msrating.dll
- 2008-02-14 19:04 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
+ 2008-02-14 19:04 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2004-08-04 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
+ 2004-08-04 12:00 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 478208 c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54 . 2010-11-06 00:34 468480 c:\windows\system32\msfeeds.dll
+ 2008-02-14 19:04 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2008-02-14 19:04 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-02-14 19:04 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2008-02-14 19:04 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2008-02-14 19:04 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 297808 c:\windows\system32\mscoree.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 02:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2004-08-04 12:00 . 2010-09-18 18:23 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-04 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2011-01-07 22:29 . 2011-01-07 22:28 157472 c:\windows\system32\javaws.exe
- 2010-09-18 10:19 . 2010-09-18 10:19 145184 c:\windows\system32\javaw.exe
+ 2011-01-07 22:29 . 2011-01-07 22:28 145184 c:\windows\system32\javaw.exe
- 2010-09-18 10:19 . 2010-09-18 10:19 145184 c:\windows\system32\java.exe
+ 2011-01-07 22:29 . 2011-01-07 22:28 145184 c:\windows\system32\java.exe
- 2008-02-14 19:05 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2008-02-14 19:05 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
+ 2007-08-14 00:54 . 2007-08-14 00:54 180736 c:\windows\system32\ieui.dll
+ 2007-08-14 00:34 . 2010-11-06 00:34 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2010-11-06 00:34 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 12:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
+ 2004-08-04 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
- 2008-02-14 19:05 . 2009-08-07 00:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2008-02-14 19:05 . 2009-08-07 01:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-04 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-02-14 19:05 . 2007-07-12 23:31 765952 c:\windows\system32\dllcache\vgx.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 105984 c:\windows\system32\dllcache\url.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-04-08 10:11 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2006-09-23 19:12 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2004-08-04 12:00 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll
- 2004-08-04 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-02-15 11:24 . 2010-11-06 00:34 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-08 10:09 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2004-08-04 12:00 . 2010-09-18 18:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2009-04-08 10:07 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-04-08 10:07 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-02-14 19:05 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2008-02-15 11:24 . 2010-11-06 00:34 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-02-15 11:24 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
 
Part 2

+ 2004-08-04 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2008-02-14 19:05 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2008-02-14 19:05 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-31 06:16 . 2010-03-31 06:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 11:31 . 2010-03-23 11:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 12:40 . 2010-05-11 12:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 12:40 . 2010-05-11 12:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\3e5f4b.msp
+ 2011-01-07 21:13 . 2011-01-07 21:13 429568 c:\windows\Installer\3e5f2b.msi
+ 2009-03-20 17:48 . 2009-03-20 17:48 183808 c:\windows\Installer\3e5f22.msp
+ 2011-01-07 19:53 . 2011-01-07 19:53 219648 c:\windows\Installer\2e7cd6.msi
+ 2011-01-07 22:29 . 2011-01-07 22:29 180224 c:\windows\Installer\2e0210.msi
+ 2011-01-07 22:28 . 2011-01-07 22:28 675840 c:\windows\Installer\2e020b.msi
+ 2011-01-07 15:08 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2011-01-07 15:08 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2011-01-07 15:08 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2011-01-07 15:08 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2011-01-07 15:08 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2011-01-07 15:08 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2011-01-07 15:08 . 2007-08-14 00:54 191488 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2011-01-07 15:08 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 832512 c:\windows\ie7updates\KB2416400-IE7\wininet.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll
+ 2011-01-07 15:09 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
+ 2011-01-07 15:09 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
+ 2011-01-07 15:09 . 2010-09-09 13:38 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 478208 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 468480 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
+ 2011-01-07 15:09 . 2010-08-25 11:30 634648 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
+ 2011-01-07 15:09 . 2010-09-09 13:38 268288 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 192512 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 384512 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 380928 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
+ 2011-01-07 15:09 . 2010-08-25 11:29 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll
+ 2011-01-07 15:09 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll
+ 2011-01-07 15:09 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe
+ 2011-01-07 15:09 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll
+ 2011-01-07 15:09 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
+ 2011-01-07 15:09 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll
+ 2011-01-07 15:09 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll
+ 2009-10-13 13:40 . 2006-09-06 23:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2009-04-08 10:09 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-01-07 21:39 . 2011-01-07 21:39 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2011-01-07 21:33 . 2011-01-07 21:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2011-01-07 21:42 . 2011-01-07 21:42 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2011-01-07 21:42 . 2011-01-07 21:42 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2011-01-07 21:38 . 2011-01-07 21:38 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2011-01-07 21:40 . 2011-01-07 21:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2011-01-07 21:40 . 2011-01-07 21:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2011-01-07 21:40 . 2011-01-07 21:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2011-01-07 21:39 . 2011-01-07 21:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2011-01-07 21:33 . 2011-01-07 21:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2011-01-07 21:39 . 2011-01-07 21:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2011-01-07 21:39 . 2011-01-07 21:39 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-01-07 21:17 . 2011-01-07 21:17 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-01-07 21:17 . 2011-01-07 21:17 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-04-08 10:34 . 2009-04-08 10:34 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2011-01-07 21:17 . 2011-01-07 21:17 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-04 12:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2011-01-07 21:09 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB961118$\spuninst\updspapi.dll
+ 2011-01-07 21:09 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe
+ 2011-01-07 21:10 . 2008-04-14 00:12 354304 c:\windows\$NtUninstallKB960803$\winhttp.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB960803$\spuninst\updspapi.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe
+ 2011-01-07 21:10 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB959426$\spuninst\updspapi.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe
+ 2011-01-07 21:10 . 2008-04-14 00:11 989696 c:\windows\$NtUninstallKB959426$\kernel32.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB952004$\spuninst\updspapi.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe
+ 2011-01-07 21:10 . 2008-04-14 00:11 161792 c:\windows\$NtUninstallKB952004$\msdtcuiu.dll
+ 2011-01-07 21:10 . 2008-04-14 00:11 956928 c:\windows\$NtUninstallKB952004$\msdtctm.dll
+ 2011-01-07 21:10 . 2008-04-14 00:11 427008 c:\windows\$NtUninstallKB952004$\msdtcprx.dll
+ 2011-01-07 21:10 . 2008-04-14 00:12 214528 c:\windows\$NtUninstallKB923561$\wordpad.exe
+ 2011-01-07 21:10 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB923561$\spuninst\updspapi.dll
+ 2011-01-07 21:10 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe
+ 2011-01-07 15:07 . 2009-01-07 23:21 121856 c:\windows\$NtUninstallKB915865$\xmllite.dll
+ 2011-01-07 15:07 . 2005-10-12 23:12 371424 c:\windows\$NtUninstallKB915865$\updspapi.dll
+ 2011-01-07 15:07 . 2005-10-12 23:12 716000 c:\windows\$NtUninstallKB915865$\update.exe
+ 2011-01-07 15:07 . 2005-10-12 23:12 213216 c:\windows\$NtUninstallKB915865$\spuninst.exe
+ 2011-01-07 21:10 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB960803\update\updspapi.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB960803\update\update.exe
+ 2011-01-07 21:10 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB960803\spuninst.exe
+ 2008-12-16 12:22 . 2008-12-16 12:22 354304 c:\windows\$hf_mig$\KB960803\SP3QFE\winhttp.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB959426\update\updspapi.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB959426\update\update.exe
+ 2011-01-07 21:10 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB959426\spuninst.exe
+ 2009-03-21 13:59 . 2009-03-21 13:59 991744 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB952004\update\updspapi.dll
+ 2011-01-07 21:10 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB952004\update\update.exe
+ 2011-01-07 21:10 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB952004\spuninst.exe
+ 2008-06-12 14:09 . 2008-06-12 14:09 161792 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 956928 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtctm.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 428032 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll
+ 2011-01-07 21:10 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB923561\update\updspapi.dll
+ 2011-01-07 21:10 . 2008-11-15 17:18 755576 c:\windows\$hf_mig$\KB923561\update\update.exe
+ 2011-01-07 21:10 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB923561\spuninst.exe
+ 2011-01-07 20:57 . 2008-04-21 12:15 215552 c:\windows\$hf_mig$\KB923561\SP3QFE\wordpad.exe
+ 2011-01-07 21:01 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2011-01-07 21:08 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-04 12:00 . 2010-04-06 10:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-03-17 13:47 . 2011-01-07 08:09 1940828 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-04 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-04 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2007-05-15 20:43 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-02-14 19:04 . 2009-06-10 15:19 2066432 c:\windows\system32\mstscax.dll
+ 2004-08-04 12:00 . 2010-11-06 12:04 3604480 c:\windows\system32\mshtml.dll
+ 2007-08-14 00:54 . 2010-11-06 00:34 6075904 c:\windows\system32\ieframe.dll
+ 2007-02-12 22:10 . 2010-07-05 20:32 2452872 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2010-04-06 10:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-09-23 19:12 . 2006-09-23 19:12 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2008-04-14 00:12 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-04-08 10:08 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-02-14 19:04 . 2009-06-10 15:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2010-01-29 15:01 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 12:00 . 2010-11-06 12:04 3604480 c:\windows\system32\dllcache\mshtml.dll
+ 2008-02-15 11:24 . 2010-11-06 00:34 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2008-02-15 11:24 . 2010-02-22 22:04 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2006-09-23 19:12 . 2006-09-23 19:12 1022976 c:\windows\system32\dllcache\browseui.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-11-07 07:06 . 2009-11-07 07:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 11:32 . 2010-03-23 11:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 11:32 . 2010-03-23 11:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 12:40 . 2010-05-11 12:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 12:40 . 2010-05-11 12:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-11-09 06:25 . 2009-11-09 06:25 1935360 c:\windows\Installer\3e5f64.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 2607104 c:\windows\Installer\3e5f36.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 4210688 c:\windows\Installer\3e5f35.msp
+ 2011-01-07 22:24 . 2011-01-07 22:24 2283008 c:\windows\Installer\2dff93.msi
+ 2011-01-07 15:08 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2011-01-07 15:08 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2011-01-07 15:08 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2011-01-07 15:08 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dat
+ 2011-01-07 15:09 . 2010-09-09 13:38 1168384 c:\windows\ie7updates\KB2416400-IE7\urlmon.dll
+ 2011-01-07 15:09 . 2010-09-10 01:08 3601920 c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
+ 2011-01-07 15:09 . 2010-09-09 13:38 6075904 c:\windows\ie7updates\KB2416400-IE7\ieframe.dll
+ 2011-01-07 15:09 . 2010-07-05 20:32 2452872 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dat
+ 2011-01-07 15:09 . 2010-05-04 17:20 1168384 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll
+ 2011-01-07 15:09 . 2010-05-05 04:50 3600384 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll
+ 2011-01-07 15:09 . 2010-05-04 17:20 6067200 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll
+ 2011-01-07 15:09 . 2010-02-22 22:04 2452872 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dat
+ 2011-01-07 21:28 . 2011-01-07 21:28 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2011-01-07 21:42 . 2011-01-07 21:42 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2011-01-07 21:42 . 2011-01-07 21:42 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2011-01-07 21:42 . 2011-01-07 21:42 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2011-01-07 21:42 . 2011-01-07 21:42 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2011-01-07 21:38 . 2011-01-07 21:38 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2011-01-07 21:38 . 2011-01-07 21:38 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2011-01-07 21:40 . 2011-01-07 21:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2011-01-07 21:40 . 2011-01-07 21:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2011-01-07 21:33 . 2011-01-07 21:33 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2011-01-07 21:31 . 2011-01-07 21:31 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2011-01-07 21:41 . 2011-01-07 21:41 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-01-07 21:39 . 2011-01-07 21:39 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2011-01-07 21:23 . 2011-01-07 21:23 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-01-07 21:17 . 2011-01-07 21:17 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-01-07 21:23 . 2011-01-07 21:23 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-04-08 10:36 . 2009-04-08 10:36 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-04-08 10:37 . 2009-04-08 10:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-04-08 10:34 . 2009-04-08 10:34 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-01-07 21:23 . 2011-01-07 21:23 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-01-07 21:26 . 2011-01-07 21:26 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2004-08-04 12:00 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
+ 2008-02-15 11:22 . 2010-12-09 03:34 37366216 c:\windows\system32\MRT.exe
+ 2004-08-04 12:00 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2010-05-19 19:08 . 2010-05-19 19:08 11408896 c:\windows\Installer\3e5f7a.msp
+ 2010-03-31 07:23 . 2010-03-31 07:23 15638528 c:\windows\Installer\3e5f70.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 14599680 c:\windows\Installer\3e5f44.msp
+ 2011-01-07 21:28 . 2011-01-07 21:28 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2011-01-07 21:38 . 2011-01-07 21:38 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2011-01-07 21:32 . 2011-01-07 21:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2011-01-07 21:29 . 2011-01-07 21:29 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2011-01-07 21:28 . 2011-01-07 21:28 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2011-01-07 21:27 . 2011-01-07 21:27 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
 
Part 3

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"zwxinptvxqkymmzwdbdiTaskMgr"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk
backup=c:\windows\pss\QuickBooks Delivery Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-02-21 01:58 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-02-21 01:58 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2004-12-22 14:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
2008-02-14 20:43 94208 ----a-w- c:\windows\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
2004-07-30 21:47 6946816 ----a-w- c:\progra~1\Dantz\RETROS~1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-09-25 23:10 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"RetroExpLauncher"=2 (0x2)
"MDM"=2 (0x2)
"KodakSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"idsvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"rcp_service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"dlbx_device"=2 (0x2)
"IDriverT"=3 (0x3)
"npggsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22745:TCP"= 22745:TCP:BitCometLite 22745 TCP
"22745:UDP"= 22745:UDP:BitCometLite 22745 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/7/2011 1:54 PM 135336]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/14/2008 2:09 PM 91830]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]

2011-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Larry Williams\Application Data\Mozilla\Firefox\Profiles\wh9rbfaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 13:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1604221776-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{282BA93A-459E-D56F-F0E4-DA926EBF8E3E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eabflbhdkl"=hex:66,61,6c,6b,6b,62,64,6f,64,68,66,66,00,31
"daoeobdl"=hex:64,62,6e,6b,68,65,64,65,6d,69,6f,6d,6d,63,66,67,6a,65,6a,62,66,
6f,6a,66,6f,68,64,6c,69,67,66,68,65,66,63,62,70,6a,6f,61,00,00
"iajlfbpboaignbgobm"=hex:6a,61,69,6f,6b,6c,61,64,6f,6d,6f,62,65,69,61,64,68,65,
6e,6c,00,00
"hadlddmofichlkma"=hex:6a,61,69,6f,6b,6c,61,64,6f,6d,6f,62,65,69,61,64,68,65,
6e,6c,00,d0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(15864)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-10 13:23:30
ComboFix-quarantined-files.txt 2011-01-10 19:23
ComboFix2.txt 2011-01-07 12:19
ComboFix3.txt 2011-01-06 15:27

Pre-Run: 721,369,972,736 bytes free
Post-Run: 723,986,563,072 bytes free

- - End Of File - - 3070B18EEC37A20D97077234AFEDB3E2
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:[Be sure to scroll down to include ALL lines.
Code: 
File::
c:\windows\system32\xdva370.sys
c:\windows\system32\xdva372.sys
c:\windows\system32\xdva374.sys
c:\windows\system32\xdva375.sys
c:\windows\system32\xdva377.sys
c:\windows\system32\xdva379.sys
RegNull::
[HKEY_USERS\S-1-5-21-796845957-1604221776-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{282BA93A-459E-D56F-F0E4-DA926EBF8E3E}*]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
Driver::
XDva370
XDva372
XDva374
XDva375
XDva377
XDva379
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Recommend you remove this site from the Trusted Zone: Trusted Zone: aol.com\free
Security is lower in thie zone and nothing nneeds to be in it.
===================
I found that when setting the default browser, you not only have to set the one you want as default, but you also need to be sure Internet Explorer is unchecked. IE is very pushy and given the chance, it will try to be the default.
====================
The entry Avira found was for FunWeb. This is a site for3D cursors, Smilies, wallpaper and such and is loaded with adware. It usually brings MyWeb Search with it.
===================
So far, there is not indication of a rootkit unless something turns up in th script. Do you know what this entry is:
uPolicies-system: zwxinptvxqkymmzwdbdiTaskMgr = 0 (0x0) (from DDS)
and same in Combofix:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"zwxinptvxqkymmzwdbdiTaskMgr"= 0 (0x0)

I notice you have some policies set, but the Task Manager isn't in them.
 
Update

I did as requested and the combofix log will follow. Those policies you mentioned I have never seen before. Something to mention, When the Iexplore.exe jobs kick in every two minutes and the error comes up, it puts a log file in the temp folder called serf_conf.log and test.reg. The log shows the following which I thought was interesting. I can delete it but then when the Iexplore pops up it recreates it.
======================
[PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end][PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
http://www.clickleg.org/ac.php?aid=448&sid=direct2
http://www.clickmultimedia.org/ac.php?aid=448&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.clickmultimedia.org/ac.php=|www.clickmultimedia.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
onlineprostats.com
searchsubstantial.org
searchdistribution.org
searchformat.org
modeview.org
modeview.org
searchdistribution.org
searchserver.org
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
10:1:2011
[date_end]

======================
COMBOFIX LOG
======================
ComboFix 11-01-10.04 - Larry Williams 01/10/2011 17:17:50.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.698 [GMT -6:00]
Running from: c:\documents and settings\Larry Williams\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Larry Williams\My Documents\Downloads\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\xdva370.sys"
"c:\windows\system32\xdva372.sys"
"c:\windows\system32\xdva374.sys"
"c:\windows\system32\xdva375.sys"
"c:\windows\system32\xdva377.sys"
"c:\windows\system32\xdva379.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA370
-------\Legacy_XDVA372
-------\Legacy_XDVA374
-------\Legacy_XDVA375
-------\Legacy_XDVA377
-------\Legacy_XDVA379
-------\Service_XDva370
-------\Service_XDva372
-------\Service_XDva374
-------\Service_XDva375
-------\Service_XDva377
-------\Service_XDva379


((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-08 07:25 . 2011-01-08 07:25 -------- d-----w- c:\documents and settings\Larry Williams\Local Settings\Application Data\Temp
2011-01-07 22:29 . 2011-01-07 22:29 -------- d-----w- c:\program files\Common Files\Java
2011-01-07 22:29 . 2011-01-07 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 22:28 . 2011-01-07 22:28 -------- d-----w- c:\program files\Java
2011-01-07 22:22 . 2011-01-07 22:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-07 21:31 . 2011-01-10 00:25 -------- d-----w- c:\windows\system32\NtmsData
2011-01-07 21:09 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-07 21:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-07 21:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-07 21:07 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-07 21:05 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-07 21:02 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-07 21:02 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-07 21:01 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-07 21:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-07 20:57 . 2010-07-12 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-07 20:57 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-07 20:19 . 2011-01-07 20:19 -------- d-----w- c:\documents and settings\Larry Williams\Application Data\Avira
2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\program files\Avira
2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-07 19:54 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:54 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-07 19:54 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-07 19:54 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-07 15:45 . 2011-01-07 15:45 -------- d-----w- c:\program files\ESET
2011-01-07 13:22 . 2011-01-07 13:22 -------- d--h--w- c:\windows\PIF
2011-01-05 18:18 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 18:18 . 2011-01-07 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 18:18 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 03:01 . 2010-12-25 03:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 22:28 . 2010-09-18 10:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2009-10-13 13:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-10-21 12:12 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2011-01-10_19.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-07 20:08 . 2011-01-10 20:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-07 20:08 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-14 19:10 . 2011-01-10 20:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-02-14 19:10 . 2011-01-10 20:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-02-14 19:10 . 2011-01-10 18:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"zwxinptvxqkymmzwdbdiTaskMgr"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk
backup=c:\windows\pss\QuickBooks Delivery Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-02-21 01:58 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-02-21 01:58 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2004-12-22 14:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
2008-02-14 20:43 94208 ----a-w- c:\windows\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
2004-07-30 21:47 6946816 ----a-w- c:\progra~1\Dantz\RETROS~1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-09-25 23:10 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"RetroExpLauncher"=2 (0x2)
"MDM"=2 (0x2)
"KodakSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"idsvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"rcp_service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"dlbx_device"=2 (0x2)
"IDriverT"=3 (0x3)
"npggsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22745:TCP"= 22745:TCP:BitCometLite 22745 TCP
"22745:UDP"= 22745:UDP:BitCometLite 22745 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/7/2011 1:54 PM 135336]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/14/2008 2:09 PM 91830]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]

2011-01-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1604221776-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Larry Williams\Application Data\Mozilla\Firefox\Profiles\wh9rbfaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 17:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-10 18:01:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 00:00
ComboFix2.txt 2011-01-10 19:23
ComboFix3.txt 2011-01-07 12:19
ComboFix4.txt 2011-01-06 15:27

Pre-Run: 724,008,947,712 bytes free
Post-Run: 724,109,934,592 bytes free

- - End Of File - - DBAEBE8CC6708159B7AD0DBF2B9D0FBC
 
Thanks to for info. But try doing a search to ID something with 'click' as part of the word! Anyway, after a trip around the internet, I have found this info:

Does anything below look familiar to you?
Clickleg.org is currently hosted at Ecomdevel visit site. The IP 209.212.147.208 links to a server in Arlington Heights, United States. The company behind this all is Ecomdevel.Ecomdevel Llc does business in Wired Telecommunications Carriers.
View full company profile
URLs: www.ecomdevel.com
Stock Symbol: Ecomdevel Llc
Line Of Business: Internet Host Services
Estimated Annual Sales: $810,000
Estimated # of Employees: 8
Year Founded: 2003
Also Known As: Gigenet>> "GigeNET offers complete hosting solutions for large and small companies".
http://www.aboutus.org/ClickLeg.org#home-page-analysis-
===================================
I'd like you to run HijackThis and see if we can pick up the IP as the Name Server. Then I can deal with it from there. Please don't do anything about it on your own!
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
====================================
I'd like you to run a different online virus scan:
Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
 
Update

I tried to run the Kaperskey Online Scanner 5 different times using IE7 and received the following error:Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

I made sure it was the only thing running and I did not have any internet interuptions. I even shut off the Antivir Guard on the Avira Antivirus to make sure that was not the issue.

=============================
Logfile of HijackThis v1.99.1
Scan saved at 12:29:29 PM, on 1/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larry Williams\Desktop\Downloads\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294433759390
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

====================================
I have Microsoft Process Monitor and was running it trying to capture what is creating the temp file. I found iexplore.exe is
writing the serf_conf.log file every time it auto kicks on. It is using a DLL called rpcss.dll and a QueryDirectory C:\Documents and Settings\Larry Williams\Desktop\*EDS.txt .
 
Bump

This has been going on for a week now. One response per day is getting old. Is there a fix or do I need to format and spend 2 days re-installing?
 
Gosh it's bothersome when the people I help don't realize that I volunteer to help out here and also have a life!

Considering you came here after running a bunch of scans and deleting unknown entries, I though I was helping you.

SASLogo48x48.gif

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
  • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Paste the notepad file here on your reply
====================
 
Last Post

Gosh? It's bothersome to me when there is a website claiming to assist people that have smartasses claiming they are assisting people. Yes, I ran scans and did indeed fix other issues before making a post on this site. I am the owner of an IBM AS400 Consulting Company and have been programming IBM mainframes and mid-range systems for the last 27 years. In analyzing the problem, I noticed someone else had the exact same virus and figured I would be able to get a one reply solution since it was the same issue to the letter. For the past week we have gotten no place, so your so called "help" has gotten me nothing at all.

Here is some advice, keep your day job! I won't be coming to this site again.
 
Running Superantispyware should help to remove the Tracking Cookies you appear to have.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Wishing you the best for a Happy and Peaceful New Year.!
peace_dove_bigger_normal.jpg
 
Status
Not open for further replies.

Similar threads

Bob O'Donnell
Data Governance and Provenance: Two words that are critical to the future of generative AI
Replies
1
Views
119
human7
H
E
WhatsApp scores major legal victory over Pegasus spyware maker, forcing it to provide...
Replies
5
Views
207
BuckarooBonzaii
B
Cal Jeffrey
DoJ claims Google 'systematically destroyed' evidence by auto-deleting chat logs
Replies
11
Views
992
rsmith222
R

Latest posts

Back