My computer has become very badly infected , it stops loading many times and shuts down without notice other times. Please help me to get this cleaned up.

Hi and Welcome,

NOTE:

• Malware removal is NOT instantaneous.
• Most infections require more than one round to properly eradicate.
• Absence of symptoms does not always mean the job is complete.
• You can be certain that I will advise you when the computer is clean.
• Kindly follow my instructions in the order posted.
• Please resist the urge to run further scans or fix items on your own without my direction.

Please do the following:

STEP #1

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.pif to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



STEP #2


Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

I ran dds scan here are the two logs from that one.


DDS (Ver_09-05-14.01) - NTFSx86
Run by grandma at 9:42:22.49 on Mon 06/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.32 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\grandma\My Documents\iWin Games\iWinGamesInstaller.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Adobe\BoontyBox\BoontyBox.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\grandma\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar with netassistant\NetAssistant.dll
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: ALOT Toolbar BHO: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: SmartShopper: {2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar with netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar with netassistant\freeze_us.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar with netassistant\freeze_us.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: SmartShopper: {137e6e5e-a205-4657-a49f-1ab865787089} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegPowerClean] "c:\program files\winferno\registrypowercleaner\RegPowerClean.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] c:\progra~1\musicm~1\musicm~3\mm_tray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
StartupFolder: c:\docume~1\grandma\startm~1\programs\startup\boonty~1.lnk - c:\program files\adobe\boontybox\BoontyBox.exe
StartupFolder: c:\docume~1\grandma\startm~1\programs\startup\iwinde~1.lnk - c:\documents and settings\all users\application data\iwin games\desktopalerts\DesktopAlerts.exe
StartupFolder: c:\docume~1\grandma\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Slingo%20Quest/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245256869062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Slingo%20Quest/Images/armhelper.ocx
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\fun4im\bndhook.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-3 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-9 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-3 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-3 298776]
R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\fun4im\Bandoo.exe [2009-1-6 1281984]
R2 iWinGamesInstaller;iWinGamesInstaller;c:\documents and settings\grandma\my documents\iwin games\iWinGamesInstaller.exe [2008-9-9 78104]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-10-12 194304]
S2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\all users\application data\seekeensrch\seekeen147.exe [2009-3-4 4608]

=============== Created Last 30 ================

2009-06-18 07:17 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-18 07:17 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-17 11:51 <DIR> --d----- c:\program files\Trend Micro
2009-06-17 10:58 <DIR> --d----- c:\program files\Secunia
2009-06-17 09:57 <DIR> --d----- c:\docume~1\grandma\applic~1\Malwarebytes
2009-06-17 09:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-17 09:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 09:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-17 09:46 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-16 14:22 <DIR> --d----- c:\program files\Microsoft
2009-06-16 14:20 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-15 12:28 <DIR> --d----- c:\docume~1\grandma\applic~1\aAvgApi
2009-06-11 03:06 <DIR> --d----- c:\windows\ie8updates
2009-06-10 15:58 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 15:58 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-08 14:31 <DIR> --d----- c:\documents and settings\grandma\cs
2009-06-08 14:31 <DIR> --d----- C:\Application Data
2009-06-06 16:39 <DIR> --dsh--- c:\documents and settings\grandma\IECompatCache
2009-06-06 16:37 <DIR> --dsh--- c:\documents and settings\grandma\PrivacIE
2009-06-06 16:34 <DIR> --dsh--- c:\documents and settings\grandma\IETldCache
2009-06-06 16:23 <DIR> -cd-h--- c:\windows\ie8
2009-06-03 18:30 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-03 18:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-03 18:19 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-03 18:19 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-03 18:19 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-03 18:19 <DIR> --d----- c:\docume~1\grandma\applic~1\AVGTOOLBAR
2009-06-03 18:19 <DIR> --d----- c:\program files\AVG
2009-06-03 18:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2009-06-18 19:54 4,600 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-12 22:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-02 16:51 88,959 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-28 14:06 56 ---shr-- c:\windows\system32\FCFEABE34F.sys

===
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/9/2007 11:14:49 AM
System Uptime: 6/19/2009 8:53:31 PM (61 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 53.535 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP505: 6/3/2009 7:37:11 AM - System Checkpoint
RP506: 6/3/2009 6:18:54 PM - Installed AVG Free 8.5
RP507: 6/4/2009 3:00:18 AM - Software Distribution Service 3.0
RP508: 6/5/2009 3:28:07 AM - System Checkpoint
RP509: 6/6/2009 4:28:05 AM - System Checkpoint
RP510: 6/6/2009 4:10:48 PM - Software Distribution Service 3.0
RP511: 6/6/2009 6:09:50 PM - Software Distribution Service 3.0
RP512: 6/7/2009 3:00:18 AM - Software Distribution Service 3.0
RP513: 6/8/2009 3:27:59 AM - System Checkpoint
RP514: 6/9/2009 4:26:55 AM - System Checkpoint
RP515: 6/10/2009 5:26:53 AM - System Checkpoint
RP516: 6/11/2009 3:00:19 AM - Software Distribution Service 3.0
RP517: 6/12/2009 3:00:24 AM - Software Distribution Service 3.0
RP518: 6/13/2009 3:16:53 AM - System Checkpoint
RP519: 6/14/2009 3:00:18 AM - Software Distribution Service 3.0
RP520: 6/15/2009 3:47:09 AM - System Checkpoint
RP521: 6/16/2009 3:00:25 AM - Software Distribution Service 3.0
RP522: 6/16/2009 2:19:36 PM - Installed Java™ 6 Update 14
RP523: 6/16/2009 2:21:16 PM - Installed MSN Toolbar Setup
RP524: 6/17/2009 9:42:51 AM - Software Distribution Service 3.0
RP525: 6/17/2009 9:46:18 AM - Software Distribution Service 3.0
RP526: 6/18/2009 10:12:23 AM - System Checkpoint
RP527: 6/19/2009 2:26:56 PM - System Checkpoint
RP528: 6/19/2009 8:27:30 PM - Software Distribution Service 3.0
RP529: 6/20/2009 8:57:54 PM - System Checkpoint
RP530: 6/21/2009 9:05:56 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Alabama Smith Escape from Pompeii (remove only)
ALOT Toolbar
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Ask Toolbar
AVG Free 8.5
Big Fish Games Client
BoontyBox 2.1
Call of Atlantis (remove only)
Citrix Presentation Server Client - Web Only
Cooking Academy (remove only)
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Photo AIO Printer 924
Dell Support Center
Dell System Restore
DellSupport
Digital Content Portal
EarthLink setup files
EducateU
ESPN Version 2.0.7.12
ESPNMotion
FamilyFeudOnlineParty (remove only)
Fun4IM
GemMaster Mystic
Get High Speed Internet!
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
InstallMgr
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iWin Games (remove only)
iWin Toolbar
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 14
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
My.Freeze.com Toolbar with NetAssistant
MyWay Search Assistant
NETGEAR WG111v2 wireless USB 2.0 adapter
NetZeroInstallers
Otto
PC Confidential 2008
PowerDVD 5.5
QuickTime
RealPlayer Basic
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Seekeen 1.0 build 147
Slingo Deluxe
Slingo Quest
Slingo Supreme
Slingo Supreme (remove only)
SmartShopper
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
The Weather Channel Desktop 6
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WeatherBug
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
Winferno Registry Power Cleaner
WordPerfect Office 12
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/17/2009 9:27:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/17/2009 9:27:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================
========== FINISH: 9:44:35.55 ===============

I ran the GMER scan it took 2.5 hours ,when it finished there was nothing detected but when I clicked on the button to produce the log everything just vanished. The windows just shut down losing everything from the GMER scan before it would produce the log. I've sent youo the DDS logs and need to know how you want me to procede. Thanks Patrick

This post has been edited by Patrick42: Jun 22 2009, 02:07 PM

Hi,

Please do the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Here is the nLog from Combo-Fix.

ComboFix 09-06-23.01 - grandma 06/24/2009 9:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.194 [GMT -7:00]
Running from: c:\documents and settings\grandma\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 15:55 . 2009-06-24 15:55 -------- d-----w- c:\windows\system32\LogFiles
2009-06-18 14:17 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-17 18:51 . 2009-06-17 18:51 -------- d-----w- c:\program files\Trend Micro
2009-06-17 17:58 . 2009-06-17 17:58 -------- d-----w- c:\program files\Secunia
2009-06-17 17:01 . 2009-06-17 17:01 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\documents and settings\grandma\Application Data\Malwarebytes
2009-06-17 16:57 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:57 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 16:57 . 2009-06-17 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 16:46 . 2009-06-17 16:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-17 15:51 . 2009-06-17 15:51 -------- d-----w- c:\documents and settings\grandma\Application Data\CyberLink
2009-06-17 15:51 . 2009-06-17 15:51 -------- d-----w- c:\documents and settings\grandma\Local Settings\Application Data\PowerDVD
2009-06-16 21:22 . 2009-06-16 21:22 -------- d-----w- c:\program files\Microsoft
2009-06-16 21:22 . 2009-06-16 21:22 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-16 21:20 . 2009-06-16 21:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 21:19 . 2009-06-16 21:19 152576 ----a-w- c:\documents and settings\grandma\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-15 19:28 . 2009-06-15 19:28 -------- d-----w- c:\documents and settings\grandma\Application Data\aAvgApi
2009-06-11 10:06 . 2009-06-11 10:06 -------- d-----w- c:\windows\ie8updates
2009-06-10 22:58 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 22:58 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 17:44 . 2009-06-10 17:57 152576 ----a-w- c:\documents and settings\grandma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- c:\documents and settings\grandma\cs
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- C:\Application Data
2009-06-06 23:39 . 2009-06-06 23:39 -------- d-sh--w- c:\documents and settings\grandma\IECompatCache
2009-06-06 23:37 . 2009-06-06 23:37 -------- d-sh--w- c:\documents and settings\grandma\PrivacIE
2009-06-06 23:34 . 2009-06-06 23:34 -------- d-sh--w- c:\documents and settings\grandma\IETldCache
2009-06-06 23:23 . 2009-06-06 23:24 -------- dc-h--w- c:\windows\ie8
2009-06-04 01:30 . 2009-06-24 12:26 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 01:19 . 2009-06-04 01:19 -------- d-----w- c:\program files\AVG
2009-06-04 01:19 . 2009-06-24 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 15:51 . 2009-04-30 02:53 -------- d-----w- c:\documents and settings\grandma\Application Data\alot
2009-06-23 23:59 . 2008-06-17 01:20 56 --sh--r- c:\windows\system32\988960E50C.sys
2009-06-23 23:59 . 2008-06-17 01:20 4600 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-23 23:57 . 2008-10-25 21:18 -------- d-----w- c:\documents and settings\grandma\Application Data\SmartShopper
2009-06-17 22:13 . 2008-07-06 11:59 130 ----a-w- c:\documents and settings\grandma\Local Settings\Application Data\fusioncache.dat
2009-06-16 21:19 . 2005-12-16 17:08 -------- d-----w- c:\program files\Java
2009-06-15 01:05 . 2007-12-09 21:28 -------- d-----w- c:\program files\Dl_cats
2009-06-04 12:50 . 2009-03-05 06:37 -------- d-----w- c:\program files\SeekeenSrch
2009-06-04 12:40 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-05-28 19:57 . 2008-11-30 22:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 05:15 . 2005-08-16 10:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 02:53 . 2009-04-30 02:53 -------- d-----w- c:\program files\alot
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 20:35 . 2008-10-16 16:05 42504 ----a-w- c:\documents and settings\grandma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 23:51 . 2005-08-16 10:41 88959 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-11-28 21:06 . 2008-11-28 21:06 56 --sh--r- c:\windows\system32\FCFEABE34F.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 01:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2008-10-01 19:02 253048 ----a-w- c:\program files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegPowerClean"="c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [2007-04-12 5980160]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-16 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-09 110592]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

c:\documents and settings\grandma\Start Menu\Programs\Startup\
BoontyBox Play Toad.lnk - c:\program files\Adobe\BoontyBox\BoontyBox.exe [2009-1-6 816736]
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-11-23 108544]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-16 156784]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-10-12 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-09 21:23 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Fun4IM\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Documents and Settings\\grandma\\My Documents\\iWin Games\\iWinGames.exe"=
"c:\\Documents and Settings\\grandma\\My Documents\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe"=

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/12/2008 4:11 PM 194304]
S2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen147.exe [3/4/2009 11:37 PM 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-01-06 22:10]

2009-06-20 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-25 22:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OE_OEM - c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 09:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\FNHQK8MAZZ9GAQ6M

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\RtlGina2.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\Fun4IM\Bandoo.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\system32\dlcccoms.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2009-06-24 9:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 16:49

Pre-Run: 57,334,927,360 bytes free
Post-Run: 62,253,481,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

208 --- E O F --- 2009-06-20 03:28

In order to run the Combo Fix tool I had to uninstall the AVG anti virus software, I could not get it to shut down for the scan. We now have a huge problem, I was attempting to download and install a new anti virus protection. I wanted to try the Avira Free Edition. When I went to the download page everything went fine until I actually started the final download process, at this point nothing happens. There is no attempt whatsover to start the download, no green progress bar on the bottom and no file downloaded. I tried it with differant anti virus programs (all free) but to no avail. I cannot download any programs now, I tried with and without the firewall being restarted, went through several sources for the software and nothing works. Please help me.

Hi,



Don't try and install any programs to your computer till it is completely clean. Only connect to the internet when I require you to download a tool or run an online scan, other wise stay disconnected from the net.


Please do the following:

Please go to Virus Total

• Copy paste the following full path into the empty box under 'Upload a file'
  

  c:\windows\system32\988960E50C.sys

• Click 'Send File'

Copy/paste the results into Notepad and save it to your desktop. Please post the results in your next reply.[/QUOTE]



Do the same for the following file:

c:\windows\system32\FCFEABE34F.sys

NEXT

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you.
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT

Open your MalwareBytes Antimalware program.

Go to updates and allow the program to update to the latest definitions.

Do a quick scan and allow the program to remove anything detected

Post the resulting log.

Here are the logs you requested.

File 988960E50C.sys received on 2009.06.26 17:17:48 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:


Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1438 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 -
Microsoft 1.4803 2009.06.26 -
NOD32 4192 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.44.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Additional information
File size: 56 bytes
MD5...: aaa7568924cd15a157311f998a107944
SHA1..: 89a3809d304bd27e719fdc83301491b0f169c951
SHA256: 3c47aa78f8e4b14159524ce13adb2c8993b34908090112c6445aa888a3c40cbd
ssdeep: 3:/lbalGuUUZn:5aIuUUZn

PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-




File FCFEABE34F.sys received on 2009.06.26 17:26:34 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/41 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:


Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1438 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 -
Microsoft 1.4803 2009.06.26 -
NOD32 4192 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.44.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Additional information
File size: 56 bytes
MD5...: d760eb8fb2329a6e0a164c28551bce2e
SHA1..: 62c4e1ed188208ffe0f539d4415add2c875a5bf8
SHA256: 1656a14438ca967e72772d42e8f767abcb43df35255e5b4c0d8e61282fa9faa8
ssdeep: 3:/lCC/U8djnn:QCs8djnn

PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

ComboFix 09-06-26.02 - grandma 06/26/2009 11:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.124 [GMT -7:00]
Running from: c:\documents and settings\grandma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\grandma\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen147.exe"
"c:\program files\AskBarDis\bar\bin\askBar.dll"
"c:\program files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\grandma\Application Data\alot
c:\documents and settings\grandma\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\grandma\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\grandma\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\grandma\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\grandma\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\grandma\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\grandma\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\grandma\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\grandma\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\grandma\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\grandma\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\grandma\Application Data\alot\configurator\configurator.xml
c:\documents and settings\grandma\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\grandma\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\grandma\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\grandma\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\grandma\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\grandma\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\grandma\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\grandma\Application Data\alot\products\products.xml
c:\documents and settings\grandma\Application Data\alot\products\products.xml.backup
c:\documents and settings\grandma\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\grandma\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\grandma\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_3\images\default_1008_alot_map_widget_default.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_3\images\default_1008_alot_map_widget_default.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_4\images\default_1011_alot_maps_tools.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_4\images\default_1011_alot_maps_tools.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_5\images\default_2284_alot_map_travel.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_5\images\default_2284_alot_map_travel.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_6\images\default_2086_alot_fin_financialservices.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_6\images\default_2086_alot_fin_financialservices.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\clear.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\cloudy.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\default_1007_alot_weather_widget.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\mcloud.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\nclear.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\nmcloud.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\pcloud.png
c:\documents and settings\grandma\Application Data\alot\Resources\Button_7\images\shower.png
c:\documents and settings\grandma\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\grandma\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\grandma\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\grandma\Application Data\alot\TemABD.tmp
c:\documents and settings\grandma\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\grandma\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\grandma\Application Data\alot\toolbar.xml
c:\documents and settings\grandma\Application Data\alot\toolbar.xml.backup
c:\documents and settings\grandma\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\grandma\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\grandma\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\grandma\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\grandma\Application Data\alot\Updater\Updater.xml
c:\documents and settings\grandma\Application Data\alot\Updater\Updater.xml.backup
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
c:\program files\SeekeenSrch
c:\program files\SeekeenSrch\home.js
c:\program files\SeekeenSrch\readme.html
c:\program files\SeekeenSrch\seekeen.exe
c:\program files\SeekeenSrch\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEEKEENSRCH_SERVICE
-------\Service_SeekeenSrch Service


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-24 18:20 . 2009-06-26 18:45 117760 ----a-w- c:\documents and settings\grandma\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-24 18:20 . 2009-06-24 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-24 18:19 . 2009-06-24 18:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-24 18:19 . 2009-06-24 18:19 -------- d-----w- c:\documents and settings\grandma\Application Data\SUPERAntiSpyware.com
2009-06-24 18:19 . 2009-06-24 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-24 16:49 . 2009-06-24 16:49 -------- d-----w- c:\windows\system32\dllcache\cache
2009-06-24 15:55 . 2009-06-24 15:55 -------- d-----w- c:\windows\system32\LogFiles
2009-06-18 14:17 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-17 18:51 . 2009-06-17 18:51 -------- d-----w- c:\program files\Trend Micro
2009-06-17 17:58 . 2009-06-17 17:58 -------- d-----w- c:\program files\Secunia
2009-06-17 17:01 . 2009-06-17 17:01 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\documents and settings\grandma\Application Data\Malwarebytes
2009-06-17 16:57 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:57 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 16:57 . 2009-06-17 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 16:46 . 2009-06-17 16:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-17 15:51 . 2009-06-17 15:51 -------- d-----w- c:\documents and settings\grandma\Application Data\CyberLink
2009-06-17 15:51 . 2009-06-17 15:51 -------- d-----w- c:\documents and settings\grandma\Local Settings\Application Data\PowerDVD
2009-06-16 21:22 . 2009-06-16 21:22 -------- d-----w- c:\program files\Microsoft
2009-06-16 21:22 . 2009-06-16 21:22 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-16 21:20 . 2009-06-16 21:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 21:19 . 2009-06-16 21:19 152576 ----a-w- c:\documents and settings\grandma\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-15 19:28 . 2009-06-15 19:28 -------- d-----w- c:\documents and settings\grandma\Application Data\aAvgApi
2009-06-11 10:06 . 2009-06-11 10:06 -------- d-----w- c:\windows\ie8updates
2009-06-10 22:58 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 22:58 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 17:44 . 2009-06-10 17:57 152576 ----a-w- c:\documents and settings\grandma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- c:\documents and settings\grandma\cs
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- C:\Application Data
2009-06-06 23:39 . 2009-06-06 23:39 -------- d-sh--w- c:\documents and settings\grandma\IECompatCache
2009-06-06 23:37 . 2009-06-06 23:37 -------- d-sh--w- c:\documents and settings\grandma\PrivacIE
2009-06-06 23:34 . 2009-06-06 23:34 -------- d-sh--w- c:\documents and settings\grandma\IETldCache
2009-06-06 23:23 . 2009-06-06 23:24 -------- dc-h--w- c:\windows\ie8
2009-06-04 01:30 . 2009-06-26 16:12 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 01:19 . 2009-06-04 01:19 -------- d-----w- c:\program files\AVG
2009-06-04 01:19 . 2009-06-26 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 18:27 . 2008-10-25 21:18 -------- d-----w- c:\program files\My.Freeze.com Toolbar with NetAssistant
2009-06-24 18:44 . 2009-03-05 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekeenSrch
2009-06-23 23:59 . 2008-06-17 01:20 56 --sh--r- c:\windows\system32\988960E50C.sys
2009-06-23 23:59 . 2008-06-17 01:20 4600 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-23 23:57 . 2008-10-25 21:18 -------- d-----w- c:\documents and settings\grandma\Application Data\SmartShopper
2009-06-17 22:13 . 2008-07-06 11:59 130 ----a-w- c:\documents and settings\grandma\Local Settings\Application Data\fusioncache.dat
2009-06-16 21:19 . 2005-12-16 17:08 -------- d-----w- c:\program files\Java
2009-06-15 01:05 . 2007-12-09 21:28 -------- d-----w- c:\program files\Dl_cats
2009-06-04 12:40 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-05-28 19:57 . 2008-11-30 22:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 05:15 . 2005-08-16 10:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 20:35 . 2008-10-16 16:05 42504 ----a-w- c:\documents and settings\grandma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 23:51 . 2005-08-16 10:41 88959 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-11-28 21:06 . 2008-11-28 21:06 56 --sh--r- c:\windows\system32\FCFEABE34F.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_16.46.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 18:30 . 2009-06-26 18:30 16384 c:\windows\temp\Perflib_Perfdata_bc.dat
+ 2009-06-24 16:49 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 16:49 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 16:49 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 16:49 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 16:49 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-24 16:49 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 16:49 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 16:49 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-24 16:49 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 16:49 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-24 18:20 . 2009-06-24 18:20 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-24 18:20 . 2009-06-24 18:20 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-06-24 16:49 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 16:49 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-24 16:49 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 16:49 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-24 16:49 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-24 16:49 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-24 16:49 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 16:49 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-24 16:49 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 16:49 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 16:49 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-24 16:49 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 16:49 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 16:49 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegPowerClean"="c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [2007-04-12 5980160]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-16 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-09 110592]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

c:\documents and settings\grandma\Start Menu\Programs\Startup\
BoontyBox Play Toad.lnk - c:\program files\Adobe\BoontyBox\BoontyBox.exe [2009-1-6 816736]
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-11-23 108544]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-16 156784]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-10-12 1261568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-09 21:23 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/12/2008 4:11 PM 194304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-01-06 22:10]

2009-06-20 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-25 22:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 11:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\RtlGina2.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\Fun4IM\Bandoo.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\system32\dlcccoms.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\progra~1\Fun4IM\BandooUI.exe
.
**************************************************************************
.
Completion time: 2009-06-26 11:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 18:50
ComboFix2.txt 2009-06-24 16:49

Pre-Run: 62,135,812,096 bytes free
Post-Run: 62,213,763,072 bytes free

329 --- E O F --- 2009-06-20 03:28

Malwarebytes' Anti-Malware 1.38
Database version: 2339
Windows 5.1.2600 Service Pack 3

6/26/2009 12:14:48 PM
mbam-log-2009-06-26 (12-14-47).txt

Scan type: Quick Scan
Objects scanned: 106962
Time elapsed: 19 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

Please do the following

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you.
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Please advise how your computer is running now and if there are any outstanding issues.

CatByte, there are a couple of problems with the system besides what I've already told you about. One of tyhe new things is that I can no longer download any program from within a messege or communication. When I did the Virus Total scans I couldn't load Virus Total from your post I had to open a new window and Google it to then be able to download. I also cannot load from any of the sites like Gizmo when he gives a lead to load from within the article. I worked around the Virus Total thing but want to find out whats wrong.
Also, when closing any open windows I get a messege within a box that says"Internet Explorer Unhandled Exception in 3rd party mode and should be closed."

Module: WINUTIL5.DLL
Version: Unicode; v.44, 0, 5, 0
Call Stack - Base: 16940000,001B:1699D18C WinUtil5.DLL
and then there is a much longer but very similar list of other Base : entries.
I don't know how to cut and paste the window for youo to see, I don't think that I can do it as the computer is now.

By the way I'm a friend of Patricks helping him to get the computer cleaned up and running correctly again so there are lapses of a few days sometimes before I gat over to his home. I''m posting this from my home computer. I should be over there by tommorrow to do the next set of instructions, hopefully I can get any downloading done without having to jump through to many hoops. When the computer displays that messege about unhandled exception it also automatically opens a new window with a blank page instead of the home page, there were 13 open windows when I first was trying to work on the computer, you can't just close out windows because of this I have to use C+A+Del to close out but this closes all the windows whether they are checked or not.
Thank You very much for your patience CatByte I hope you can find the answers we need.

This post has been edited by Patrick42: Jun 27 2009, 12:08 PM

Can you advise when these problems started happening

Did you have these issues before we started cleaning, or has it just started since?


The problem could be a corrupt installation of IE or a problem with an add-on.

try this:

Click on Start, All Programs, Accessories, System Tools, and click Internet Explorer no Add-ons.

Now, launch IE and see if you still get the message.
If not, then we can be relatively certain that an add-on is the cause and we can run the steps to determine which add-on is causing the trouble. Restart IE normally, then click “Tools” on the Menu Bar and select Manage Add-ons.
Disable all of your add-ons and then re-enable them 1 at a time until you locate the add-on causing your problem.


Download and install FireFox (it's a better browser)

Advise if you still have the same issues with FireFox

the problem with the replication of the windows, that has been going before I contacted you. The other problem of not being able to directly download from instructions, that has just started before the last scans were done.

when I get to Patricks I will go ahead and run the instructions you've given us and post the logs.

Hi I wanted to send you the reports and logs from CF and Kaspersky and then switch over to Firefox. I did try and run IE without add ons and the same thing still happened though.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 19:05:33
Records in database: 2407057
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 68287
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:59:46

No malware has been detected. The scan area is clean.

The selected area was scanned.

ComboFix 09-06-29.07 - grandma 06/30/2009 12:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.148 [GMT -7:00]
Running from: c:\documents and settings\grandma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\grandma\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090630-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\iWin Games
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_dl.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_next.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_prev.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\WebUpdater.exe
c:\documents and settings\All Users\Application Data\iWin Games\drm\data\{17037401-0659-0618-5792-05910F0FF2IW}.dta
c:\documents and settings\All Users\Application Data\iWin Games\drm\data\{17237783-2548-0144-7173-55597F0FF5IW}.dta
c:\documents and settings\All Users\Application Data\iWin Games\drm\data\{17337753-6366-0427-0853-37132F0FF3IW}.dta
c:\documents and settings\All Users\Application Data\iWin Games\drm\drm_1736504682024887893_CookingAcademy.ifn.stdat
c:\documents and settings\All Users\Application Data\iWin Games\drm\drm_1737416596185790591_SlingoSupreme.exe.stdat
c:\documents and settings\All Users\Application Data\iWin Games\drm\drm_1737733664270853713_AlabamaSmithEP.ifn.stdat
c:\documents and settings\All Users\Application Data\iWin Games\drm\drm_1737735481447175559_Call of Atlantis.ifn.stdat
c:\documents and settings\All Users\Application Data\iWin Games\opal\Flash.ocx
c:\documents and settings\All Users\Application Data\iWin Games\opal\FlashPlayerControl.dll
c:\documents and settings\All Users\Application Data\iWin Games\opal\opal.ver
c:\documents and settings\All Users\Application Data\SeekeenSrch
c:\program files\AWS\WeatherBug
c:\program files\AWS\WeatherBug\download.txt
c:\program files\AWS\WeatherBug\lfbmp10N.dll
c:\program files\AWS\WeatherBug\Lfcmp10n.dll
c:\program files\AWS\WeatherBug\lfimg10N.dll
c:\program files\AWS\WeatherBug\Local\1px.gif
c:\program files\AWS\WeatherBug\Local\alert_failed.html
c:\program files\AWS\WeatherBug\Local\Background60.jpg
c:\program files\AWS\WeatherBug\Local\bot_default.html
c:\program files\AWS\WeatherBug\Local\bot_failed2.html
c:\program files\AWS\WeatherBug\Local\Bot_loading.gif
c:\program files\AWS\WeatherBug\Local\bot_loading.html
c:\program files\AWS\WeatherBug\Local\center_failed.html
c:\program files\AWS\WeatherBug\Local\center_loading.html
c:\program files\AWS\WeatherBug\Local\def_bot.gif
c:\program files\AWS\WeatherBug\Local\WBug_Loading.gif
c:\program files\AWS\WeatherBug\Local\weather_window_loading.gif
c:\program files\AWS\WeatherBug\Local\WxBug.gif
c:\program files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
c:\program files\AWS\WeatherBug\Local\WxWindow_failed.html
c:\program files\AWS\WeatherBug\Local\WxWindow_loading.html
c:\program files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
c:\program files\AWS\WeatherBug\LTDIS10N.dll
c:\program files\AWS\WeatherBug\ltfil10N.DLL
c:\program files\AWS\WeatherBug\ltkrn10N.dll
c:\program files\AWS\WeatherBug\Weather.exe
c:\program files\AWS\WeatherBug\wxdist.dll
c:\program files\AWS\WeatherBug\wxlocm.dll
c:\program files\AWS\WeatherBug\wxpref.dll
c:\program files\AWS\WeatherBug\wxreg.dll
c:\program files\AWS\WeatherBug\wxutil.dll
c:\program files\AWS\WeatherBug\wxweb.dll
c:\program files\My.Freeze.com Toolbar with NetAssistant
c:\program files\My.Freeze.com Toolbar with NetAssistant\basis.xml
c:\program files\My.Freeze.com Toolbar with NetAssistant\EULA.url
c:\program files\My.Freeze.com Toolbar with NetAssistant\freeze.bmp
c:\program files\My.Freeze.com Toolbar with NetAssistant\freeze.ico
c:\program files\My.Freeze.com Toolbar with NetAssistant\freeze.url
c:\program files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll
c:\program files\My.Freeze.com Toolbar with NetAssistant\frzToolbar_logo.bmp
c:\program files\My.Freeze.com Toolbar with NetAssistant\icons.bmp
c:\program files\My.Freeze.com Toolbar with NetAssistant\info.txt
c:\program files\My.Freeze.com Toolbar with NetAssistant\INSTALL.LOG
c:\program files\My.Freeze.com Toolbar with NetAssistant\netassist_version.txt
c:\program files\My.Freeze.com Toolbar with NetAssistant\powered_yahoo_search.bmp
c:\program files\My.Freeze.com Toolbar with NetAssistant\Privacy_Policy.url
c:\program files\My.Freeze.com Toolbar with NetAssistant\remove.exe
c:\program files\My.Freeze.com Toolbar with NetAssistant\settings_uninstall_app.exe
c:\program files\My.Freeze.com Toolbar with NetAssistant\tbhelper.dll
c:\program files\My.Freeze.com Toolbar with NetAssistant\toolbar_version.txt
c:\program files\My.Freeze.com Toolbar with NetAssistant\uninst.exe
c:\program files\My.Freeze.com Toolbar with NetAssistant\uninstall.exe
c:\program files\My.Freeze.com Toolbar with NetAssistant\update.exe
c:\program files\My.Freeze.com Toolbar with NetAssistant\whiteList_plugin.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-26 20:40 . 2009-06-26 20:40 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-26 20:40 . 2009-06-26 20:40 -------- d-----w- c:\program files\MSBuild
2009-06-26 20:40 . 2009-06-26 20:40 -------- d-----w- c:\program files\Reference Assemblies
2009-06-26 20:39 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-26 20:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-26 20:39 . 2009-06-26 20:40 -------- d-----w- C:\8201f1c9acd66abc22691d
2009-06-26 20:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-26 20:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-26 20:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-26 20:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-26 20:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-26 20:32 . 2009-06-26 20:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-26 20:29 . 2009-06-26 20:31 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-26 19:57 . 2009-04-06 18:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-26 19:57 . 2009-02-10 23:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-26 19:55 . 2009-02-19 00:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-26 19:54 . 2009-06-26 19:54 -------- d-----w- c:\program files\Agnitum
2009-06-26 19:53 . 2009-06-26 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-06-26 19:35 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-26 19:35 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-26 19:35 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-26 19:35 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-26 19:35 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-26 19:35 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-26 19:35 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-26 19:35 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-26 19:35 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-26 19:35 . 2009-06-26 19:35 -------- d-----w- c:\program files\Alwil Software
2009-06-24 18:20 . 2009-06-30 20:11 117760 ----a-w- c:\documents and settings\grandma\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-24 18:20 . 2009-06-24 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-24 18:19 . 2009-06-24 18:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-24 18:19 . 2009-06-24 18:19 -------- d-----w- c:\documents and settings\grandma\Application Data\SUPERAntiSpyware.com
2009-06-24 18:19 . 2009-06-24 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-24 15:55 . 2009-06-26 20:29 -------- d-----w- c:\windows\system32\LogFiles
2009-06-18 14:17 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-17 18:51 . 2009-06-17 18:51 -------- d-----w- c:\program files\Trend Micro
2009-06-17 17:58 . 2009-06-17 17:58 -------- d-----w- c:\program files\Secunia
2009-06-17 17:01 . 2009-06-17 17:01 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\documents and settings\grandma\Application Data\Malwarebytes
2009-06-17 16:57 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:57 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 16:57 . 2009-06-17 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 16:46 . 2009-06-17 16:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-17 15:51 . 2009-06-17 15:51 -------- d-----w- c:\documents and settings\grandma\Application Data\CyberLink
2009-06-17 15:51 . 2009-06-17 15:51 -------- d-----w- c:\documents and settings\grandma\Local Settings\Application Data\PowerDVD
2009-06-16 21:22 . 2009-06-16 21:22 -------- d-----w- c:\program files\Microsoft
2009-06-16 21:22 . 2009-06-16 21:22 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-16 21:20 . 2009-06-16 21:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 21:19 . 2009-06-16 21:19 152576 ----a-w- c:\documents and settings\grandma\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-15 19:28 . 2009-06-15 19:28 -------- d-----w- c:\documents and settings\grandma\Application Data\aAvgApi
2009-06-11 10:06 . 2009-06-11 10:06 -------- d-----w- c:\windows\ie8updates
2009-06-10 22:58 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 22:58 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 17:44 . 2009-06-10 17:57 152576 ----a-w- c:\documents and settings\grandma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- c:\documents and settings\grandma\cs
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- C:\Application Data
2009-06-06 23:39 . 2009-06-06 23:39 -------- d-sh--w- c:\documents and settings\grandma\IECompatCache
2009-06-06 23:37 . 2009-06-06 23:37 -------- d-sh--w- c:\documents and settings\grandma\PrivacIE
2009-06-06 23:34 . 2009-06-06 23:34 -------- d-sh--w- c:\documents and settings\grandma\IETldCache
2009-06-06 23:23 . 2009-06-06 23:24 -------- dc-h--w- c:\windows\ie8
2009-06-04 01:30 . 2009-06-26 16:12 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 01:19 . 2009-06-04 01:19 -------- d-----w- c:\program files\AVG
2009-06-04 01:19 . 2009-06-26 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 20:05 . 2009-01-06 16:33 -------- d-----w- c:\program files\AWS
2009-06-26 21:13 . 2005-12-16 17:08 -------- d-----w- c:\program files\Java
2009-06-26 21:07 . 2008-10-25 21:17 -------- d-----w- c:\program files\Winferno
2009-06-23 23:59 . 2008-06-17 01:20 56 --sh--r- c:\windows\system32\988960E50C.sys
2009-06-23 23:59 . 2008-06-17 01:20 4600 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-23 23:57 . 2008-10-25 21:18 -------- d-----w- c:\documents and settings\grandma\Application Data\SmartShopper
2009-06-17 22:13 . 2008-07-06 11:59 130 ----a-w- c:\documents and settings\grandma\Local Settings\Application Data\fusioncache.dat
2009-06-15 01:05 . 2007-12-09 21:28 -------- d-----w- c:\program files\Dl_cats
2009-06-04 12:40 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-05-28 19:57 . 2008-11-30 22:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 05:15 . 2005-08-16 10:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 20:35 . 2008-10-16 16:05 42504 ----a-w- c:\documents and settings\grandma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 23:51 . 2005-08-16 10:41 88959 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-11-28 21:06 . 2008-11-28 21:06 56 --sh--r- c:\windows\system32\FCFEABE34F.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_16.46.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-06-28 16:52 . 2009-06-28 16:52 16384 c:\windows\temp\Perflib_Perfdata_c8.dat
+ 2009-06-30 20:08 . 2009-06-30 20:08 16384 c:\windows\temp\Perflib_Perfdata_c0.dat
+ 2009-06-30 20:08 . 2009-06-30 20:08 16384 c:\windows\temp\Perflib_Perfdata_4cc.dat
+ 2006-09-29 01:56 . 2006-09-29 01:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 03:13 . 2006-09-29 03:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 03:00 . 2006-10-19 03:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2005-08-16 10:18 . 2006-10-19 04:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 35840 c:\windows\system32\wpdconns.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 99840 c:\windows\system32\wmpshell.dll
- 2005-08-16 10:19 . 2005-08-04 00:29 37376 c:\windows\system32\WMDMPS.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 37376 c:\windows\system32\wmdmps.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 33792 c:\windows\system32\wmdmlog.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2009-06-26 20:39 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-06-26 20:32 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2005-10-29 06:49 . 2005-10-29 06:49 84480 c:\windows\system32\pintool.exe
+ 2005-08-16 10:18 . 2009-06-26 20:47 71732 c:\windows\system32\perfc009.dat
+ 2008-07-25 18:17 . 2008-07-25 18:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 83968 c:\windows\system32\mscories.dll
+ 2008-05-06 18:17 . 2009-06-26 20:11 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2005-08-16 10:19 . 2006-10-19 04:47 11264 c:\windows\system32\LAPRXY.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 73720 c:\windows\system32\dxva2.dll
+ 2006-09-29 02:00 . 2006-09-29 02:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-29 01:55 . 2006-09-29 01:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2005-08-16 10:18 . 2006-10-19 03:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2008-07-25 18:16 . 2008-07-25 18:16 96760 c:\windows\system32\dfshim.dll
+ 2005-10-29 06:49 . 2005-10-29 06:49 25600 c:\windows\system32\bcsprsrc.dll
+ 2005-10-28 23:40 . 2005-10-28 23:40 96792 c:\windows\system32\basecsp.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 02:32 . 2008-07-30 02:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-06-24 18:20 . 2009-06-24 18:20 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-24 18:20 . 2009-06-24 18:20 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-06-26 20:39 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-06-26 21:00 . 2009-06-26 21:00 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-06-26 20:50 . 2009-06-26 20:50 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-06-26 20:48 . 2009-06-26 20:48 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-06-26 21:23 . 2009-06-26 21:23 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-06-26 20:40 . 2009-06-26 20:40 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\wmvdmod.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2005-08-16 10:18 . 2006-10-19 04:47 4096 c:\windows\system32\WMVADVD.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\wmsdmod.dll
+ 2005-08-16 10:18 . 2006-10-19 04:58 8704 c:\windows\system32\wdfmgr.exe
+ 2005-08-16 10:18 . 2006-10-19 04:47 4096 c:\windows\system32\wdfapi.dll
+ 2005-08-16 10:18 . 2006-10-19 04:58 8704 c:\windows\system32\uwdf.exe
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 7168 c:\windows\system32\asferror.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-06-26 20:42 . 2009-06-26 20:42 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 04:23 . 2007-11-07 04:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 04:26 . 2008-07-30 04:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-09-29 01:56 . 2006-09-29 01:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-29 01:56 . 2006-09-29 01:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 01:56 . 2006-09-29 01:56 146432 c:\windows\system32\WudfHost.exe
+ 2005-08-16 10:18 . 2006-10-19 04:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 154624 c:\windows\system32\wpdmtp.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 603648 c:\windows\system32\WMSPDMOD.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 295936 c:\windows\system32\wmpeffects.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 314880 c:\windows\system32\wmpdxm.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 242688 c:\windows\system32\wmpasf.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 937984 c:\windows\system32\WMNetMgr.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 157184 c:\windows\system32\wmidx.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 227328 c:\windows\system32\wmerror.dll
+ 2005-04-20 17:32 . 2006-10-19 04:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 222208 c:\windows\system32\wmasf.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 757248 c:\windows\system32\WMADMOD.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-06-26 20:39 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2009-06-26 20:39 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 23:15 . 2006-08-24 23:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 211456 c:\windows\system32\qasf.dll
+ 2005-08-05 20:01 . 2006-10-09 23:12 235008 c:\windows\system32\psisdecd.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2005-08-16 10:18 . 2009-06-26 20:47 442466 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:19 . 2006-10-19 04:47 321536 c:\windows\system32\mswmdm.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 414208 c:\windows\system32\msscp.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 175616 c:\windows\system32\mspmsp.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-02 22:28 . 2006-10-02 22:28 312128 c:\windows\system32\msdelta.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 282112 c:\windows\system32\mscoree.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 259072 c:\windows\system32\MP43DECD.dll
+ 2005-04-20 17:32 . 2006-10-19 04:47 212992 c:\windows\system32\MFPLAT.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2005-08-16 10:19 . 2006-10-19 03:03 100864 c:\windows\system32\logagent.exe
+ 2005-10-29 06:49 . 2005-10-29 06:49 151552 c:\windows\system32\ifxcardm.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 622080 c:\windows\system32\icardagt.exe
+ 2005-08-16 10:27 . 2009-06-26 20:51 178648 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-30 04:10 . 2008-07-30 04:10 493048 c:\windows\system32\evr.dll
+ 2005-08-16 10:18 . 2006-10-09 23:12 456192 c:\windows\system32\encdec.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 991744 c:\windows\system32\drmv2clt.dll
+ 2005-08-04 00:29 . 2006-10-19 03:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-19 04:47 . 2006-10-19 04:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2008-06-11 10:58 . 2006-10-19 04:47 937984 c:\windows\system32\dllcache\WMNetMgr.dll
+ 2007-10-28 01:39 . 2006-10-19 04:47 222208 c:\windows\system32\dllcache\WMASF.dll
+ 2006-10-09 23:12 . 2006-10-09 23:12 291840 c:\windows\system32\dllcache\sbe.dll
+ 2006-10-09 23:12 . 2006-10-09 23:12 235008 c:\windows\system32\dllcache\psisdecd.dll
+ 2008-06-11 10:47 . 2006-10-19 03:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2006-10-09 23:12 . 2006-10-09 23:12 456192 c:\windows\system32\dllcache\encdec.dll
+ 2006-10-09 23:16 . 2006-10-09 23:16 558592 c:\windows\system32\dllcache\ehui.dll
+ 2006-10-09 23:17 . 2006-10-09 23:17 328704 c:\windows\system32\dllcache\ehglid.dll
+ 2005-10-11 16:32 . 2006-10-09 23:07 868352 c:\windows\system32\dllcache\ehepg.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 229376 c:\windows\system32\cewmdm.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 542720 c:\windows\system32\blackbox.dll
+ 2005-10-29 06:49 . 2005-10-29 06:49 133120 c:\windows\system32\axaltocm.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 276992 c:\windows\system32\audiodev.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 06:15 . 2008-07-30 06:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 06:40 . 2008-07-30 06:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-08-16 10:19 . 2006-11-02 01:31 315904 c:\windows\inf\unregmp2.exe
+ 2005-08-05 19:06 . 2006-10-09 23:12 107008 c:\windows\ehome\mstvcapn.dll
+ 2005-08-16 10:37 . 2006-10-09 23:16 558592 c:\windows\ehome\ehui.dll
+ 2005-08-16 10:37 . 2006-10-09 23:18 178176 c:\windows\ehome\ehkeyctl.dll
+ 2005-08-16 10:37 . 2006-10-09 23:17 328704 c:\windows\ehome\ehglid.dll
+ 2005-08-16 10:37 . 2006-10-09 23:07 868352 c:\windows\ehome\ehepg.dll
+ 2009-06-26 20:39 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2005-08-05 20:01 . 2006-10-09 23:12 235008 c:\windows\Driver Cache\i386\psisdecd.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-06-26 21:01 . 2009-06-26 21:01 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-06-26 21:00 . 2009-06-26 21:00 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-06-26 21:00 . 2009-06-26 21:00 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-06-26 21:22 . 2009-06-26 21:22 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-06-26 21:22 . 2009-06-26 21:22 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-06-26 20:59 . 2009-06-26 20:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-06-26 21:23 . 2009-06-26 21:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-06-26 20:54 . 2009-06-26 20:54 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-06-26 20:54 . 2009-06-26 20:54 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-06-26 20:54 . 2009-06-26 20:54 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-06-26 20:54 . 2009-06-26 20:54 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-06-26 21:23 . 2009-06-26 21:23 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-06-26 21:23 . 2009-06-26 21:23 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-06-26 20:49 . 2009-06-26 20:49 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-06-26 20:49 . 2009-06-26 20:49 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-06-26 20:49 . 2009-06-26 20:49 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-06-26 20:49 . 2009-06-26 20:49 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-06-26 20:52 . 2009-06-26 20:52 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2009-04-03 00:24 . 2009-04-03 00:24 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-06-26 20:52 . 2009-06-26 20:52 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 2450944 c:\windows\system32\wmvcore.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 8231936 c:\windows\system32\wmploc.dll
+ 2005-08-16 10:18 . 2006-10-19 04:47 1661440 c:\windows\system32\wmpencen.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-06-26 20:39 . 2008-07-07 00:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-06-26 20:39 . 2008-07-07 00:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-06-26 20:39 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 2450944 c:\windows\system32\dllcache\wmvcore.dll
+ 2005-10-11 16:39 . 2006-10-09 23:15 1669632 c:\windows\system32\dllcache\msvidctl.dll
+ 2005-10-11 16:43 . 2006-10-09 23:19 3223552 c:\windows\system32\dllcache\ehshell.exe
- 2005-10-11 16:39 . 2005-10-11 16:39 1863680 c:\windows\system32\dllcache\ehcm.dll
+ 2005-10-11 16:39 . 2006-10-09 23:16 1863680 c:\windows\system32\dllcache\ehcm.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-06 02:35 . 2008-12-06 02:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 03:12 . 2008-12-06 03:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-08-16 10:37 . 2006-10-09 23:19 3223552 c:\windows\ehome\ehshell.exe
- 2005-08-16 10:37 . 2005-10-11 16:39 1863680 c:\windows\ehome\ehcm.dll
+ 2005-08-16 10:37 . 2006-10-09 23:16 1863680 c:\windows\ehome\ehcm.dll
+ 2009-02-03 01:07 . 2009-02-03 01:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-06-26 20:49 . 2009-06-26 20:49 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-06-26 21:00 . 2009-06-26 21:00 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-06-26 20:48 . 2009-06-26 20:48 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-06-26 21:00 . 2009-06-26 21:00 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-06-26 21:26 . 2009-06-26 21:26 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-06-26 20:59 . 2009-06-26 20:59 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-06-26 21:22 . 2009-06-26 21:22 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-06-26 20:59 . 2009-06-26 20:59 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-06-26 21:22 . 2009-06-26 21:22 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-06-26 20:59 . 2009-06-26 20:59 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-06-26 20:56 . 2009-06-26 20:56 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-06-26 20:57 . 2009-06-26 20:57 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-06-26 20:55 . 2009-06-26 20:55 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-06-26 20:55 . 2009-06-26 20:55 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-06-26 20:54 . 2009-06-26 20:54 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-06-26 20:48 . 2009-06-26 20:48 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-06-26 21:24 . 2009-06-26 21:24 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-06-26 20:49 . 2009-06-26 20:49 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-06-26 20:48 . 2009-06-26 20:48 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-06-26 20:48 . 2009-06-26 20:48 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-06-26 20:40 . 2009-06-26 20:40 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-06-26 20:46 . 2009-06-26 20:46 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-04-03 00:24 . 2009-04-03 00:24 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-06-26 20:52 . 2009-06-26 20:52 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2005-08-16 10:19 . 2006-10-19 04:47 10834432 c:\windows\system32\wmp.dll
+ 2009-06-26 21:00 . 2009-06-26 21:00 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-06-26 21:25 . 2009-06-26 21:25 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-06-26 21:23 . 2009-06-26 21:23 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-06-26 20:59 . 2009-06-26 20:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-06-26 20:54 . 2009-06-26 20:54 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-06-26 20:50 . 2009-06-26 20:50 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-06-26 20:48 . 2009-06-26 20:48 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-16 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-09 110592]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]

c:\documents and settings\grandma\Start Menu\Programs\Startup\
BoontyBox Play Toad.lnk - c:\program files\Adobe\BoontyBox\BoontyBox.exe [2009-1-6 816736]
iWin Desktop Alerts.lnk - c:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe.vir [2008-11-23 108544]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-16 156784]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-10-12 1261568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-09 21:23 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/26/2009 12:35 PM 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/26/2009 12:57 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [6/26/2009 12:55 PM 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/26/2009 12:35 PM 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/26/2009 12:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/26/2009 12:57 PM 257432]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/12/2008 4:11 PM 194304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-01-06 22:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\TEMP\_av_proI.tm~a03056

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\RtlGina2.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\Fun4IM\Bandoo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\dlcccoms.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
.
**************************************************************************
.
Completion time: 2009-06-30 13:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 20:16
ComboFix2.txt 2009-06-26 18:50
ComboFix3.txt 2009-06-24 16:49

Pre-Run: 61,389,287,424 bytes free
Post-Run: 61,496,299,520 bytes free

960 --- E O F --- 2009-06-20 03:28

Hi,

There are a couple of things for you to try to resolve your inability to download from IE

try the following fixes one at a time, if one resolution doesn't work...move on to the next:

1. Make sure IE is the default browser.

Open Microsoft Internet Explorer.

Pull down the Tools menu and select Internet Options.

Select the Programs tab.

Click the box next to "Internet Explorer should check to see whether it is the default browser" and click OK

Close Internet Explorer.

Reopen Internet Explorer. A window will appear asking whether you'd like Internet Explorer to be your default browser.

Click "Yes" to make Internet Explorer. the default browser.



2. Reset IE back to default settings

visit this Microsoft site:

http://support.microsoft.com/kb/923737

scroll down to the "FIX IT" button and select.

This will restore your IE back to it's default setting.


3. Flush DNS cache

• Go to Start > Run > type: cmd
• Press OK or Hit Enter.
• At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
• Hit Enter.
• You will get a confirmation that the flush was successful.
• Close the command box.

4. Reset Hosts:

you will need to download this on another computer and transfer it over.

Please download HostsXpert

• Unzip HostsXpert to it's own folder in a convenient place such as C:\HostsXpert
• Run: HostsXpert.exe
• Click: Make Writable? in the upper left corner.
• Click: Restore MS Hosts File
• Click: Replace
• Click: OK
• Click: Make ReadOnly
• Close HostsXpert.

There does not appear to be any malware remaining on your machine, but this issue needs to be resolved.

If none of these suggestions work, we will need to have our expert tech gurus check out the computer.

Please try and describe in detail what issues remain after trying the above.

Hi Catbyte, unforunately I'm at home again but will be back to Patricks in a day or two. One thing I wanted you to know about is that the DEP keeps stopping IE from running, it continually brings up a window that says DEP will be shutting down this IE window due to security reasons. I checked in the DEP folder and someone had added IE under thew additional protection setting, I dleted the IE and rebooted then reset all back to regular DEP settings and it still keeps shutting down the windows. One good thing is that it now seems to be able to download from a windows prompt again. I'll get back to you as soon as I run the things you want and I'll let you know how it's going. I have installed Firefox and just want to make sure everything is OK with all else. Thank You Cat. One more thing, do I have to download the hosts file on my computer and then use my USB stick to add it to Patricks? Or if the computer is now downloading from your prompts again can I run it all from his system?

This post has been edited by Patrick42: Jul 1 2009, 12:40 PM