Jump to content

Open With Virus? Each time I attempt to open a program, an "Open With" dialogue pops-up


MWolfe

Recommended Posts

I have an Asus EEE netbook that is running Windows XP. In regular mode, absolutely no programs will run/open. Each time I attempt to run something like a web browser or even the previously installed antivirus software, it greets me with an "Open With" pop-up. The anti-virus software that was installed previously was only Trend Micro. Also, when you boot the netbook up, you are greeted with just a flashing cursor. To get it to boot up normally, I have to remove the battery.

Once I was greeted with this error, I assumed there was a virus. I booted into safe mode, and was able to browse to the malwarebytes site as I only have one CD key for the full software. I was able to download the free Malwarebytes, although it will not update the definitions. I have ran maybe 6 scans since, 4 quick and 2 full. There were viruses found in the first 3 quick scans and the first full scan. Since, I have run a quick and full scan and have found nothing, though the problem still exists. Attached are the mbam logs.

Thanks in advance,

Michael

mbam-log-2011-08-25 (17-38-16).txt

mbam-log-2011-08-25 (17-48-12).txt

mbam-log-2011-08-25 (18-24-25).txt

mbam-log-2011-08-25 (18-48-54).txt

mbam-log-2011-09-01 (14-56-52).txt

mbam-log-2011-09-01 (15-19-56).txt

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please download exeHelper from one of these two places:

http://www.raktor.net/exeHelper/exeHelper.com

http://www.raktor.net/exeHelper/exeHelper.scr

Save it to your Desktop and run it. When it finishes, restart your computer and see if you can run .exe files now.

If so, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • Staff

Hi,

Please do not attach logs unless otherwise stated.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Hello,

First, let me apologize for the attachments, I thought that'd be more concise. Secondly, I didn't mention this in the previous post as I hoped it would be still understood, but the bootup problem with the flashing cursor @ initial boot up is still present. I just wanted to make sure that was still clear. Below is what you asked me to do. I have bolded and underlined each heading so you could see them clearly.

I installed and ran ComboFix and the report is below:

ComboFix 11-09-07.04 - Amy 09/07/2011 21:54:00.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.551 [GMT -4:00]

Running from: c:\documents and settings\Amy\Desktop\ComboFix.exe

AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Amy\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Amy\Local Settings\Application Data\ApplicationHistory\ebi.BookReader3J.exe.48d6c0a.ini

c:\documents and settings\Amy\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Amy\Local Settings\Application Data\ApplicationHistory\SL14F.tmp.d50352f4.ini

c:\documents and settings\Amy\Local Settings\Application Data\ApplicationHistory\SL40.tmp.ba3305fd.ini

c:\documents and settings\Amy\Local Settings\Application Data\ApplicationHistory\SLE6.tmp.903bdd12.ini

c:\documents and settings\Holly\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Holly\Local Settings\Application Data\ApplicationHistory\EeeStorageCommander.exe.e655d1c5.ini

c:\documents and settings\Holly\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Holly\Local Settings\Application Data\ApplicationHistory\SL14F.tmp.d50352f4.ini

c:\documents and settings\Holly\Local Settings\Application Data\ApplicationHistory\SL40.tmp.ba3305fd.ini

c:\documents and settings\Holly\Local Settings\Application Data\ApplicationHistory\SLE6.tmp.903bdd12.ini

c:\documents and settings\Mike\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Mike\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Mike\Local Settings\Application Data\ApplicationHistory\SL14F.tmp.d50352f4.ini

c:\documents and settings\Mike\Local Settings\Application Data\ApplicationHistory\SL40.tmp.ba3305fd.ini

c:\documents and settings\Mike\Local Settings\Application Data\ApplicationHistory\SLE6.tmp.903bdd12.ini

c:\windows\system32\service

c:\windows\system32\service\26122009_TIS17_SfFniAU.log

c:\windows\system32\service\29092010_TIS17_SfFniAU.log

c:\windows\system32\Thumbs.db

Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\documents and settings\Default User\ntuser.dat.LOG

.

.

((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))

.

.

2011-09-05 19:14 . 2011-09-05 19:14 -------- d-----w- c:\program files\Common Files\Java

2011-09-05 19:14 . 2011-05-04 08:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-09-05 19:14 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-05 19:08 . 2011-09-05 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-09-05 18:57 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-05 18:57 . 2011-09-05 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-05 18:57 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-05 18:45 . 2011-09-05 18:45 -------- d-sh--w- c:\documents and settings\Holly\PrivacIE

2011-09-05 18:44 . 2011-09-05 18:44 -------- d-----w- c:\documents and settings\Holly\Application Data\Malwarebytes

2011-08-25 21:31 . 2011-08-25 21:31 -------- d-----w- c:\documents and settings\Amy\Application Data\Malwarebytes

2011-08-25 21:30 . 2011-08-25 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-01 23:13 . 2011-05-01 23:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [6/1/2010 9:14 PM 11448]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/5/2011 2:57 PM 366640]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/26/2009 1:10 PM 36432]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 9:59 PM 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 2:57 PM 22712]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [12/26/2009 1:10 PM 339984]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 1:47 AM 39040]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 3:00 PM 1684736]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 8:24 AM 1015424]

S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/26/2009 1:12 PM 51792]

S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [12/26/2009 1:12 PM 497008]

S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/26/2009 1:12 PM 689416]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138972114-1257536202-3890541837-1007Core.job

- c:\documents and settings\Amy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-02 22:47]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138972114-1257536202-3890541837-1007UA.job

- c:\documents and settings\Amy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-02 22:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://pbskids.org/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Amy\Application Data\Mozilla\Firefox\Profiles\mpmfoy7q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-07 22:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1124)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(1184)

c:\windows\system32\WININET.dll

.

Completion time: 2011-09-07 22:28:13

ComboFix-quarantined-files.txt 2011-09-08 02:27

.

Pre-Run: 134,406,459,392 bytes free

Post-Run: 135,831,789,568 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8C66CCF22B59C77FA29E269451253894

I then ran another DDS, and its log is below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Amy at 22:29:32 on 2011-09-07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.187 [GMT -4:00]

.

AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://pbskids.org/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe

mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe

mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B0B65322-A1D2-48CB-8A58-05F8CDE3E1BE} : DhcpNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\amy\application data\mozilla\firefox\profiles\mpmfoy7q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\amy\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\amy\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-6-1 11448]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-11 55152]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-5 366640]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-12-26 36432]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 22712]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-12-26 339984]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-28 39040]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-11 1684736]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]

S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-8-20 1015424]

S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-12-26 51792]

S3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-12-26 497008]

S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-12-26 689416]

.

=============== Created Last 30 ================

.

2011-09-08 01:47:57 -------- d-sha-r- C:\cmdcons

2011-09-08 01:42:41 98816 ----a-w- c:\windows\sed.exe

2011-09-08 01:42:41 518144 ----a-w- c:\windows\SWREG.exe

2011-09-08 01:42:41 256000 ----a-w- c:\windows\PEV.exe

2011-09-08 01:42:41 208896 ----a-w- c:\windows\MBR.exe

2011-09-05 19:14:02 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-09-05 19:14:02 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-05 18:57:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-05 18:57:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-05 18:57:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-25 21:31:03 -------- d-----w- c:\documents and settings\amy\application data\Malwarebytes

2011-08-25 21:30:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

.

============= FINISH: 22:31:56.68 ===============

Thanks again in advance,

Michael

Link to post
Share on other sites

Each time I do a system restart using the normal restart method, It boots up with just a flashing "_" in the very top left corner of the screen, without the quotes. To remedy this, the only thing that works is removing the battery for a few seconds and replacing it, and then it boots up normal if you turn it on right away. The classic double control, alt, delete does not work. Also, if you do the battery pull and in turn wait awhile to turn it on, your still greeted with the flashing _ . I am attaching a picture, that while pretty poor quality, shows this. I took it with my playbook, so no flash capability.

Also, I had experienced after the first round of DDS that when I attempted to access the internet, via searching on google for the download link of MSE, that even official Windows websites were flagged by Malwarebytes as malicious. In turn, I have ceased using the netbook for anything other than your suggestions until we clean it up.

Thanks in advance,

Michael

Link to post
Share on other sites

  • Staff

Hi Michael,

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.

Link to post
Share on other sites

Avira's Result from boot cd:

Avira / Linux Version 1.9.152.0

Copyright © 2010 by Avira GmbH

All rights reserved.

engine set: 8.2.6.54

VDF Version: 7.11.14.152

Scan start time: Sun Sep 11 23:18:11 2011

configuration file: /etc/avira/scancl.conf

ALERT: [JAVA/Tharra.A] /media/Devices/sda1/Documents and Settings/Amy/Application Data/Sun/Java/Deployment/cache/6.0/33/7d358f61-1b77f1d3.vir <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]

ALERT: [EXP/Java.BN] /media/Devices/sda1/Documents and Settings/Amy/Application Data/Sun/Java/Deployment/cache/6.0/43/58630b2b-29f2b64f.vir --> bingo/haskalu.class <<< Contains signature of the exploits EXP/Java.BN [archive scan abort]

ALERT: [EXP/CVE-2010-0840.AH] /media/Devices/sda1/Documents and Settings/NetworkService/Application Data/Sun/Java/Deployment/cache/6.0/29/3b702edd-19eeadbe.vir --> buildService/MapYandex.class <<< Contains signature of the exploits EXP/CVE-2010-0840.AH [archive scan abort]

WARNING: [File is encrypted] /media/Devices/sda1/DownLodes/Installed/TrendMicro_TIS_17.50_en-US_32-bit/Tools/32bit/SICTOOL/SICBASE.DAT

WARNING: [File is encrypted] /media/Devices/sda1/DownLodes/Installed/TrendMicro_TIS_17.50_en-US_32-bit.exe --> Tools/32bit/SICTOOL/SICBASE.DAT

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP389/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP390/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP391/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP392/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP393/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP394/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP396/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP397/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP398/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP399/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP400/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP401/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP402/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP403/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP404/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP405/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP406/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP407/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP408/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP409/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP410/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP411/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP412/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP413/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP414/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP415/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP417/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP418/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP419/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP420/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP421/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP422/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP423/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP424/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP425/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP426/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP427/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP428/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP429/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP430/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP431/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP432/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP433/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP434/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP435/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP436/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP438/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP439/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP440/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP441/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP442/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP443/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP444/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP445/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP446/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP447/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP448/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP449/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP450/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP451/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP452/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP453/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP454/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP455/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP456/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP457/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP458/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP459/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP460/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP461/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP462/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP463/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP464/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP465/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP466/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP467/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP468/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP469/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP470/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP471/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP472/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP473/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP474/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP475/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP395/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP416/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [All files in archive are encrypted] /media/Devices/sda1/System Volume Information/_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}/RP437/snapshot/Repository/FS/OBJECTS.DATA

WARNING: [unexpected end of file] /media/Devices/sda1/WINDOWS/system32/Macromed/Flash/uninstall_activeX.exe

WARNING: [All files in archive are encrypted] /media/Devices/sda1/WINDOWS/system32/wbem/Repository/FS/OBJECTS.DATA

Statistics :

Directories............... : 8952

Archives.................. : 6545

Files..................... : 207640

Infected.............. : 3

Renamed........... : 3

Warnings.............. : 91

Suspicious............ : 0

Infections................ : 3

And here is the Avira scan in regular boot up mode as step 9 in their tutorial states to do:

Avira AntiVir Premium

Report file date: Monday, September 12, 2011 00:49

Scanning for 3358433 virus strains and unwanted programs.

The program is running as a fully functional evaluation version.

Online services are available:

Licensee : Amy Kalk

Serial number : 2216091269-PEPWE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : YOUR-60PTM4WI4X

Version information:

BUILD.DAT : 10.2.0.719 36208 Bytes 6/22/2011 15:53:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/18/2011 19:13:21

AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/18/2011 19:13:45

LUKE.DLL : 10.3.0.5 45416 Bytes 6/18/2011 19:13:35

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:54

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/18/2011 19:13:21

AVREG.DLL : 10.3.0.7 90472 Bytes 6/18/2011 19:13:20

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 12:06:39

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 12:06:40

VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 19:13:38

VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22

VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 02:20:53

VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 02:22:01

VBASE007.VDF : 7.11.13.61 2048 Bytes 8/16/2011 02:22:01

VBASE008.VDF : 7.11.13.62 2048 Bytes 8/16/2011 02:22:01

VBASE009.VDF : 7.11.13.63 2048 Bytes 8/16/2011 02:22:01

VBASE010.VDF : 7.11.13.64 2048 Bytes 8/16/2011 02:22:02

VBASE011.VDF : 7.11.13.65 2048 Bytes 8/16/2011 02:22:02

VBASE012.VDF : 7.11.13.66 2048 Bytes 8/16/2011 02:22:02

VBASE013.VDF : 7.11.13.95 166400 Bytes 8/17/2011 02:22:04

VBASE014.VDF : 7.11.13.125 209920 Bytes 8/18/2011 02:22:07

VBASE015.VDF : 7.11.13.157 184832 Bytes 8/22/2011 02:22:09

VBASE016.VDF : 7.11.13.201 128000 Bytes 8/24/2011 02:22:10

VBASE017.VDF : 7.11.13.234 160768 Bytes 8/25/2011 02:22:13

VBASE018.VDF : 7.11.14.16 141312 Bytes 8/30/2011 02:22:14

VBASE019.VDF : 7.11.14.48 133120 Bytes 8/31/2011 02:22:16

VBASE020.VDF : 7.11.14.78 156160 Bytes 9/2/2011 02:22:17

VBASE021.VDF : 7.11.14.109 126976 Bytes 9/6/2011 02:22:19

VBASE022.VDF : 7.11.14.137 131584 Bytes 9/8/2011 02:22:20

VBASE023.VDF : 7.11.14.138 2048 Bytes 9/8/2011 02:22:20

VBASE024.VDF : 7.11.14.139 2048 Bytes 9/8/2011 02:22:21

VBASE025.VDF : 7.11.14.140 2048 Bytes 9/8/2011 02:22:21

VBASE026.VDF : 7.11.14.141 2048 Bytes 9/8/2011 02:22:21

VBASE027.VDF : 7.11.14.142 2048 Bytes 9/8/2011 02:22:22

VBASE028.VDF : 7.11.14.143 2048 Bytes 9/8/2011 02:22:22

VBASE029.VDF : 7.11.14.144 2048 Bytes 9/8/2011 02:22:23

VBASE030.VDF : 7.11.14.145 2048 Bytes 9/8/2011 02:22:23

VBASE031.VDF : 7.11.14.162 183296 Bytes 9/11/2011 02:22:25

Engineversion : 8.2.6.60

AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 12:06:13

AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 9/12/2011 02:23:03

AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 12:06:12

AESBX.DLL : 8.2.1.34 323957 Bytes 6/16/2011 04:54:00

AERDL.DLL : 8.1.9.15 639348 Bytes 9/12/2011 02:22:59

AEPACK.DLL : 8.2.10.10 684407 Bytes 9/12/2011 02:22:55

AEOFFICE.DLL : 8.1.2.13 201083 Bytes 9/12/2011 02:22:50

AEHEUR.DLL : 8.1.2.167 3690871 Bytes 9/12/2011 02:22:49

AEHELP.DLL : 8.1.17.7 254327 Bytes 9/12/2011 02:22:32

AEGEN.DLL : 8.1.5.9 401780 Bytes 9/12/2011 02:22:31

AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 12:06:00

AECORE.DLL : 8.1.23.0 196983 Bytes 9/12/2011 02:22:29

AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 12:06:00

AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 12:06:20

AVPREF.DLL : 10.0.3.2 44904 Bytes 6/18/2011 19:13:20

AVREP.DLL : 10.0.0.10 174120 Bytes 6/18/2011 19:13:21

AVARKT.DLL : 10.0.26.1 255336 Bytes 6/18/2011 19:13:17

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/18/2011 19:13:19

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:30:25

AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 12:06:19

NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 12:06:31

RCIMAGE.DLL : 10.0.0.33 2633064 Bytes 6/18/2011 19:13:48

RCTEXT.DLL : 10.0.63.0 97640 Bytes 6/18/2011 19:13:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: Monday, September 12, 2011 00:49

Starting search for hidden objects.

An ARK library instance is already running.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '36' Module(s) have been scanned

Scan process 'msdtc.exe' - '47' Module(s) have been scanned

Scan process 'dllhost.exe' - '66' Module(s) have been scanned

Scan process 'dllhost.exe' - '52' Module(s) have been scanned

Scan process 'vssvc.exe' - '55' Module(s) have been scanned

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'avscan.exe' - '71' Module(s) have been scanned

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '66' Module(s) have been scanned

Scan process 'alg.exe' - '42' Module(s) have been scanned

Scan process 'iPodService.exe' - '40' Module(s) have been scanned

Scan process 'AVWEBGRD.EXE' - '45' Module(s) have been scanned

Scan process 'avmailc.exe' - '39' Module(s) have been scanned

Scan process 'avcenter.exe' - '71' Module(s) have been scanned

Scan process 'igfxext.exe' - '31' Module(s) have been scanned

Scan process 'SuperHybridEngine.exe' - '31' Module(s) have been scanned

Scan process 'Eee Docking.exe' - '26' Module(s) have been scanned

Scan process 'avgnt.exe' - '59' Module(s) have been scanned

Scan process 'mbamgui.exe' - '33' Module(s) have been scanned

Scan process 'jusched.exe' - '24' Module(s) have been scanned

Scan process 'igfxsrvc.exe' - '33' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned

Scan process 'Reader_sl.exe' - '27' Module(s) have been scanned

Scan process 'UfSeAgnt.exe' - '42' Module(s) have been scanned

Scan process 'LiveUpdate.exe' - '48' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '33' Module(s) have been scanned

Scan process 'AsTray.exe' - '37' Module(s) have been scanned

Scan process 'AsEPCMon.exe' - '25' Module(s) have been scanned

Scan process 'AsAcpiSvr.exe' - '43' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '41' Module(s) have been scanned

Scan process 'hkcmd.exe' - '32' Module(s) have been scanned

Scan process 'igfxtray.exe' - '33' Module(s) have been scanned

Scan process 'Explorer.EXE' - '102' Module(s) have been scanned

Scan process 'wuauclt.exe' - '54' Module(s) have been scanned

Scan process 'svchost.exe' - '47' Module(s) have been scanned

Scan process 'SfCtlCom.exe' - '65' Module(s) have been scanned

Scan process 'SeaPort.exe' - '59' Module(s) have been scanned

Scan process 'mbamservice.exe' - '43' Module(s) have been scanned

Scan process 'avshadow.exe' - '36' Module(s) have been scanned

Scan process 'jqs.exe' - '42' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '58' Module(s) have been scanned

Scan process 'avguard.exe' - '78' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'spoolsv.exe' - '63' Module(s) have been scanned

Scan process 'svchost.exe' - '45' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'svchost.exe' - '173' Module(s) have been scanned

Scan process 'svchost.exe' - '47' Module(s) have been scanned

Scan process 'svchost.exe' - '57' Module(s) have been scanned

Scan process 'lsass.exe' - '66' Module(s) have been scanned

Scan process 'services.exe' - '40' Module(s) have been scanned

Scan process 'winlogon.exe' - '72' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Start scanning boot sectors:

Master boot sector HD0

[DETECTION] Contains code of the BOO/TDss.M boot sector virus

[NOTE] The boot sector was written!

Boot sector 'C:\'

[DETECTION] Contains code of the BOO/TDss.M boot sector virus

[NOTE] The boot sector has not been repaired!

Starting to scan executable files (registry).

The registry was scanned ( '1115' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\3b702edd-19eeadbe.vir

[0] Archive type: ZIP

--> buildService/MapYandex.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AH exploit

C:\WINDOWS\SoftwareDistribution\Download\9fb5ed881f4ba5e862205ff43febecec\BIT12.tmp

[0] Archive type: CAB SFX (self extracting)

--> _sfx_0018._p

[WARNING] The file could not be written!

Beginning disinfection:

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\3b702edd-19eeadbe.vir

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AH exploit

[NOTE] The file was moved to the quarantine directory under the name '446d06f8.qua'.

End of the scan: Monday, September 12, 2011 02:09

Used time: 1:18:03 Hour(s)

The scan has been done completely.

9003 Scanned directories

255763 Files were scanned

3 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

1 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

255762 Files not concerned

7179 Archives were scanned

1 Warnings

3 Notes

After I ran this, I restarted the machine 3 different times, and was still able to replicate the flashing _ that I had noted earlier. I am going to go ahead and run the F-Secure one now, too, and will post that up next. Please let me know if you want me to continue running the rest of the links, or what to do next.

Also, while running the Avira in full mode, MBAM alerted of many "successful attempts to block a malicious site" popups.

Link to post
Share on other sites

Sorry for the mulitple posts - since there was no reply, I thought I'd go ahead try to see if the external drive would work (which it did ) and do the other tests.

I ran the remaining three tests.

Both F-Secure & BitDefender were negative:

F-Secure found 0 malware

BitDefender found No malware on Master Boot or the drives.

Kapersky's ran, too, and found 4 different things that it said it either deleted or disinfected. I saved the report in the rescue program, but am unable to find it on the netbook booted in normal mode.

On a side note, I have completed 5 shutdowns and one restart, and the flashing _ is no longer there. The netbook now boots up as normal.

I will continue to not do much to the PC for now, and will await your next advice.

Thanks in advance so much,

Michael

Link to post
Share on other sites

ComboFix 11-09-15.05 - Amy 09/16/2011 8:06.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.496 [GMT -4:00]

Running from: c:\documents and settings\Amy\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))

.

.

2011-09-16 11:58 . 2011-09-16 11:58 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422EC310-F251-4E69-93C9-9142FCC7FAB3}\MpKslf5564fac.sys

2011-09-15 11:18 . 2011-08-11 23:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-15 11:18 . 2011-08-11 23:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422EC310-F251-4E69-93C9-9142FCC7FAB3}\mpengine.dll

2011-09-13 14:18 . 2011-09-13 14:18 -------- d-----w- c:\program files\iPod

2011-09-13 14:11 . 2011-09-13 14:11 -------- d-----w- c:\program files\Bonjour

2011-09-13 13:49 . 2011-09-13 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-13 13:42 . 2011-09-13 13:43 -------- dc-h--w- c:\windows\ie8

2011-09-13 13:15 . 2011-09-02 23:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-09-13 13:15 . 2011-09-02 23:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-09-13 12:38 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-13 12:32 . 2011-09-13 12:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-13 10:05 . 2011-09-13 10:09 -------- d-----w- c:\documents and settings\Amy\Local Settings\Application Data\Trend Micro

2011-09-13 03:20 . 2011-09-13 05:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-09-13 02:17 . 2011-09-13 02:19 -------- d-----w- C:\bd_logs

2011-09-12 02:31 . 2011-09-12 02:31 -------- d-----w- c:\windows\system32\NtmsData

2011-09-12 02:17 . 2011-09-15 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-09-12 02:17 . 2011-09-12 02:17 -------- d-----w- c:\program files\Avira

2011-09-05 19:14 . 2011-09-05 19:14 -------- d-----w- c:\program files\Common Files\Java

2011-09-05 19:14 . 2011-05-04 08:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-09-05 19:14 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-05 19:08 . 2011-09-05 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-09-05 18:57 . 2011-09-13 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-05 18:57 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-05 18:45 . 2011-09-05 18:45 -------- d-sh--w- c:\documents and settings\Holly\PrivacIE

2011-09-05 18:44 . 2011-09-05 18:44 -------- d-----w- c:\documents and settings\Holly\Application Data\Malwarebytes

2011-08-25 21:31 . 2011-08-25 21:31 -------- d-----w- c:\documents and settings\Amy\Application Data\Malwarebytes

2011-08-25 21:30 . 2011-08-25 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2009-08-11 13:03 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2009-08-11 13:03 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 14:02 . 2009-08-11 13:03 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10 . 2009-08-11 13:13 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2009-08-11 13:03 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2009-08-11 13:03 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2009-08-11 13:03 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2009-08-11 13:03 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2009-08-11 13:03 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-09-03 06:01 . 2011-05-01 23:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-08_02.20.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2011-09-16 11:58 . 2011-09-16 11:58 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat

- 2009-08-11 13:03 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe

+ 2009-08-11 13:03 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe

+ 2009-08-11 19:07 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe

- 2009-08-11 19:07 . 2009-01-08 01:21 26144 c:\windows\system32\spupdsvc.exe

+ 2009-08-11 19:55 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 46592 c:\windows\system32\pngfilt.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll

+ 2009-08-11 13:03 . 2011-09-16 12:02 72276 c:\windows\system32\perfc009.dat

- 2009-01-08 01:20 . 2009-01-08 01:20 23552 c:\windows\system32\normaliz.dll

+ 2009-01-08 01:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll

+ 2009-01-08 01:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll

- 2009-01-08 01:20 . 2009-01-08 01:20 24576 c:\windows\system32\nlsdl.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 48128 c:\windows\system32\mshtmler.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe

- 2009-08-11 13:03 . 2009-03-08 11:31 45568 c:\windows\system32\mshta.exe

+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe

- 2009-03-08 11:31 . 2009-03-08 11:31 13312 c:\windows\system32\msfeedssync.exe

- 2009-03-08 11:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 94720 c:\windows\system32\inseng.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 34816 c:\windows\system32\imgutil.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll

+ 2009-03-08 11:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe

- 2009-03-08 11:32 . 2009-03-08 11:32 36864 c:\windows\system32\ieudinit.exe

+ 2009-08-11 13:03 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 71680 c:\windows\system32\iesetup.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 55808 c:\windows\system32\iernonce.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll

- 2009-01-08 01:20 . 2009-01-08 01:20 26112 c:\windows\system32\idndl.dll

+ 2009-01-08 01:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll

- 2009-03-08 11:31 . 2009-03-08 11:31 59904 c:\windows\system32\icardie.dll

+ 2011-09-13 14:12 . 2011-05-10 12:06 42496 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaapl.sys

+ 2011-09-13 14:12 . 2011-05-10 12:06 18432 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\netaapl.sys

+ 2009-12-25 00:59 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-12-25 00:59 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 46592 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-08-11 13:03 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys

+ 2009-08-11 13:03 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe

- 2009-08-11 13:03 . 2009-03-08 11:31 45568 c:\windows\system32\dllcache\mshta.exe

- 2009-12-25 00:59 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-12-25 00:59 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 94720 c:\windows\system32\dllcache\inseng.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 34816 c:\windows\system32\dllcache\imgutil.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 71680 c:\windows\system32\dllcache\iesetup.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2009-08-11 13:14 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll

- 2009-08-11 13:14 . 2009-03-08 11:24 68608 c:\windows\system32\dllcache\hmmapi.dll

- 2009-08-11 13:03 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2009-08-11 13:03 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2009-08-11 13:03 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll

- 2009-08-11 13:03 . 2009-03-08 11:33 18944 c:\windows\system32\dllcache\corpol.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 72704 c:\windows\system32\dllcache\admparse.dll

- 2009-08-11 13:03 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll

+ 2009-08-11 13:03 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll

- 2009-08-11 13:03 . 2009-03-08 11:33 18944 c:\windows\system32\corpol.dll

+ 2009-08-11 13:03 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 72704 c:\windows\system32\admparse.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll

+ 2011-09-13 15:34 . 2011-09-13 15:34 19968 c:\windows\Installer\f722c.msi

- 2011-05-11 07:00 . 2011-05-11 07:00 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2011-09-15 11:32 . 2011-09-15 11:32 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-09-15 11:32 . 2011-09-15 11:32 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2011-05-11 07:00 . 2011-05-11 07:00 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2010-06-05 07:01 . 2011-09-13 15:33 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-06-05 07:01 . 2011-04-21 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-09-13 13:58 . 2011-09-13 13:58 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe

+ 2011-09-13 13:45 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll

+ 2011-09-13 13:45 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll

+ 2011-09-13 13:45 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll

+ 2011-09-13 13:45 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll

- 2010-06-11 07:16 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll

- 2010-06-11 07:16 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll

+ 2011-09-13 13:45 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll

+ 2011-09-13 13:45 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll

+ 2011-09-13 13:45 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll

+ 2011-09-13 15:18 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll

+ 2011-09-13 15:18 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 37888 c:\windows\ie8\url.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 37888 c:\windows\ie8\url.dll

+ 2011-09-13 13:42 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll

- 2009-08-11 19:42 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 39424 c:\windows\ie8\pngfilt.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 39424 c:\windows\ie8\pngfilt.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 96256 c:\windows\ie8\occache.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 96256 c:\windows\ie8\occache.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 56832 c:\windows\ie8\mshtmler.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 56832 c:\windows\ie8\mshtmler.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 29184 c:\windows\ie8\mshta.exe

- 2009-08-11 19:42 . 2008-04-14 12:00 29184 c:\windows\ie8\mshta.exe

+ 2011-09-13 13:42 . 2008-04-14 12:00 22016 c:\windows\ie8\licmgr10.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 22016 c:\windows\ie8\licmgr10.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 15872 c:\windows\ie8\jsproxy.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 15872 c:\windows\ie8\jsproxy.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 96256 c:\windows\ie8\inseng.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 96256 c:\windows\ie8\inseng.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 35840 c:\windows\ie8\imgutil.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 35840 c:\windows\ie8\imgutil.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 93184 c:\windows\ie8\iexplore.exe

+ 2011-09-13 13:42 . 2008-04-14 12:00 93184 c:\windows\ie8\iexplore.exe

- 2009-08-11 19:42 . 2008-04-14 12:00 62976 c:\windows\ie8\iesetup.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 62976 c:\windows\ie8\iesetup.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 48640 c:\windows\ie8\iernonce.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 48640 c:\windows\ie8\iernonce.dll

- 2009-08-11 19:42 . 2009-02-20 08:10 81920 c:\windows\ie8\ieencode.dll

+ 2011-09-13 13:42 . 2009-02-20 08:10 81920 c:\windows\ie8\ieencode.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 34304 c:\windows\ie8\ie4uinit.exe

+ 2011-09-13 13:42 . 2008-04-14 12:00 34304 c:\windows\ie8\ie4uinit.exe

+ 2011-09-13 13:42 . 2008-04-14 12:00 38912 c:\windows\ie8\hmmapi.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 38912 c:\windows\ie8\hmmapi.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 35328 c:\windows\ie8\corpol.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 35328 c:\windows\ie8\corpol.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 99840 c:\windows\ie8\advpack.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 99840 c:\windows\ie8\advpack.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 61440 c:\windows\ie8\admparse.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 61440 c:\windows\ie8\admparse.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\97e97eafeae00970e0712db0f4f934b6\WindowsLiveWriter.ni.exe

+ 2011-09-15 11:45 . 2011-09-15 11:45 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\78b53ad4063e0928bbcba152067fa7fe\WindowsLive.Writer.Api.ni.dll

+ 2011-09-13 15:53 . 2011-09-13 15:53 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll

+ 2011-09-13 15:48 . 2011-09-13 15:48 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe

+ 2011-09-13 15:43 . 2011-09-13 15:43 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe

+ 2011-09-15 11:40 . 2011-09-15 11:40 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2009-08-11 20:02 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll

+ 2011-09-13 13:45 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2006-06-05 18:14 . 2006-06-05 18:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

- 2006-06-05 19:14 . 2006-06-05 19:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

+ 2006-06-05 18:14 . 2006-06-05 18:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

- 2006-06-05 19:14 . 2006-06-05 19:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

- 2006-06-05 19:14 . 2006-06-05 19:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2006-06-05 18:14 . 2006-06-05 18:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2009-08-11 13:03 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll

- 2009-08-11 13:03 . 2009-01-08 01:21 121856 c:\windows\system32\xmllite.dll

+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe

- 2009-03-08 11:34 . 2009-03-08 11:34 208384 c:\windows\system32\WinFXDocObj.exe

+ 2009-08-11 13:03 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll

- 2009-08-11 13:03 . 2009-03-08 11:34 236544 c:\windows\system32\webcheck.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll

- 2009-08-11 13:03 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll

+ 2009-08-11 13:03 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll

+ 2009-08-11 13:03 . 2011-09-16 12:02 442490 c:\windows\system32\perfh009.dat

+ 2009-08-11 13:03 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll

- 2009-08-11 13:03 . 2008-04-14 12:00 551936 c:\windows\system32\oleaut32.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll

+ 2009-08-11 13:03 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll

- 2009-08-11 13:03 . 2009-03-08 11:34 193536 c:\windows\system32\msrating.dll

- 2009-08-11 13:03 . 2009-03-08 11:22 156160 c:\windows\system32\msls31.dll

+ 2009-08-11 13:03 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll

+ 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll

- 2009-03-08 11:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll

+ 2009-01-08 01:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll

- 2009-01-08 01:20 . 2009-01-08 01:20 265720 c:\windows\system32\msdbg2.dll

+ 2011-09-13 13:49 . 2011-09-13 13:49 243360 c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe

+ 2011-09-13 13:49 . 2011-09-13 13:49 328864 c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.dll

+ 2009-08-11 13:14 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll

- 2009-08-11 13:14 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll

- 2009-03-08 11:22 . 2009-03-08 11:22 164352 c:\windows\system32\ieui.dll

+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll

+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll

- 2009-03-08 11:11 . 2009-03-08 11:11 445952 c:\windows\system32\ieapfltr.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 163840 c:\windows\system32\ieakui.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll

+ 2009-08-11 13:03 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll

- 2009-08-11 13:03 . 2009-03-08 11:33 229376 c:\windows\system32\ieaksie.dll

+ 2009-08-11 13:03 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll

- 2009-08-11 13:03 . 2009-03-08 11:33 125952 c:\windows\system32\ieakeng.dll

- 2009-08-11 13:03 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe

+ 2009-08-11 13:03 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe

+ 2009-08-11 06:09 . 2011-09-13 15:45 250288 c:\windows\system32\FNTCACHE.DAT

- 2009-08-11 06:09 . 2011-04-14 07:29 250288 c:\windows\system32\FNTCACHE.DAT

+ 2009-08-11 13:03 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 216064 c:\windows\system32\dxtrans.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 348160 c:\windows\system32\dxtmsft.dll

+ 2009-08-11 13:03 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys

+ 2011-04-18 17:18 . 2011-04-18 17:18 165648 c:\windows\system32\drivers\MpFilter.sys

+ 2009-08-11 13:03 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys

- 2009-08-11 13:03 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys

+ 2009-08-11 13:03 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll

- 2009-08-11 13:03 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-08-11 13:03 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll

- 2009-08-11 13:03 . 2009-03-08 11:34 236544 c:\windows\system32\dllcache\webcheck.dll

+ 2009-08-11 13:14 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll

- 2009-08-11 13:03 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll

- 2009-01-08 01:20 . 2009-01-08 01:20 134144 c:\windows\system32\dllcache\sqmapi.dll

+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll

+ 2009-08-11 13:03 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll

+ 2009-08-11 13:13 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys

- 2009-08-11 13:13 . 2008-04-14 12:00 139656 c:\windows\system32\dllcache\rdpwd.sys

- 2009-08-11 13:03 . 2008-04-14 12:00 551936 c:\windows\system32\dllcache\oleaut32.dll

+ 2009-08-11 13:03 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-08-11 13:03 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys

- 2009-08-11 13:03 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll

- 2009-08-11 13:03 . 2009-03-08 11:34 193536 c:\windows\system32\dllcache\msrating.dll

+ 2009-08-11 13:03 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll

+ 2009-08-11 13:03 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll

- 2009-08-11 13:03 . 2009-03-08 11:22 156160 c:\windows\system32\dllcache\msls31.dll

+ 2009-12-25 00:59 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2009-12-25 00:59 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-08-11 19:36 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys

- 2009-08-11 13:14 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2009-08-11 13:14 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2009-08-11 13:14 . 2009-03-08 21:09 638816 c:\windows\system32\dllcache\iexplore.exe

+ 2009-08-11 13:14 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe

+ 2009-12-25 00:59 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-12-25 00:59 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-06-10 14:09 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-06-10 14:09 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2009-08-11 13:03 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-08-11 13:03 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 163840 c:\windows\system32\dllcache\ieakui.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll

+ 2009-08-11 13:03 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll

- 2009-08-11 13:03 . 2009-03-08 11:33 229376 c:\windows\system32\dllcache\ieaksie.dll

- 2009-08-11 13:03 . 2009-03-08 11:33 125952 c:\windows\system32\dllcache\ieakeng.dll

+ 2009-08-11 13:03 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll

- 2009-08-11 13:03 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-08-11 13:03 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-08-11 13:03 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 216064 c:\windows\system32\dllcache\dxtrans.dll

- 2009-08-11 13:03 . 2009-03-08 11:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

+ 2009-08-11 13:03 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

+ 2009-08-11 13:03 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll

- 2009-08-11 13:03 . 2008-04-14 12:00 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2009-08-11 13:03 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

- 2009-08-11 13:03 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys

- 2009-08-11 13:03 . 2009-03-08 11:32 128512 c:\windows\system32\dllcache\advpack.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll

- 2009-08-11 13:03 . 2009-03-08 11:32 128512 c:\windows\system32\advpack.dll

+ 2009-08-11 13:03 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-09-13 15:30 . 2011-09-13 15:30 223744 c:\windows\Installer\f721d.msi

+ 2011-09-13 12:33 . 2011-09-13 12:33 785920 c:\windows\Installer\e786d.msi

+ 2011-09-13 12:33 . 2011-09-13 12:33 483840 c:\windows\Installer\e7867.msi

+ 2011-09-13 12:32 . 2011-09-13 12:32 301056 c:\windows\Installer\e7862.msi

+ 2011-09-12 02:15 . 2011-09-12 02:15 219648 c:\windows\Installer\5d8c7.msi

+ 2011-09-13 14:39 . 2011-09-13 14:39 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A83000000003}\SC_Reader.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2009-08-11 19:59 . 2011-09-15 11:32 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2011-09-13 14:20 . 2011-09-13 14:20 380928 c:\windows\Installer\{69995C7A-062A-4A90-A4DF-8C22895DF522}\iTunesIco.exe

+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2011-09-13 13:45 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll

+ 2011-09-13 13:45 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll

+ 2011-09-13 13:45 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe

- 2010-06-11 07:16 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll

+ 2011-09-13 13:45 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll

+ 2011-09-13 13:45 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe

- 2010-06-11 07:16 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe

+ 2011-09-13 13:45 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe

+ 2011-09-13 13:45 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll

- 2010-06-11 07:16 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll

+ 2011-09-13 13:45 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll

- 2010-06-11 07:16 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll

+ 2011-09-13 13:45 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll

+ 2011-09-13 13:45 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll

+ 2011-09-13 13:45 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll

- 2010-06-11 07:16 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll

+ 2011-09-13 13:45 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll

+ 2011-09-13 13:45 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll

- 2010-06-11 07:16 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe

+ 2011-09-13 13:45 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe

+ 2011-09-13 13:45 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll

+ 2011-09-13 13:45 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll

+ 2011-09-13 13:45 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll

+ 2011-09-13 13:45 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe

+ 2011-09-13 13:45 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll

+ 2011-09-13 13:45 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe

+ 2011-09-13 15:30 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

+ 2011-09-13 15:30 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

+ 2011-09-13 15:30 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

+ 2011-09-13 15:18 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll

- 2011-04-14 07:00 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll

+ 2011-09-13 15:18 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll

+ 2011-09-13 15:18 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe

- 2011-04-14 07:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll

+ 2011-09-13 15:18 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll

+ 2011-09-13 15:18 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe

- 2011-04-14 07:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe

+ 2011-09-13 15:18 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe

+ 2011-09-13 15:18 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll

- 2011-04-14 07:00 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll

+ 2011-09-13 13:45 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll

+ 2011-09-13 13:45 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe

- 2009-08-11 19:42 . 2009-02-20 08:10 666112 c:\windows\ie8\wininet.dll

+ 2011-09-13 13:42 . 2009-02-20 08:10 666112 c:\windows\ie8\wininet.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 276480 c:\windows\ie8\webcheck.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 276480 c:\windows\ie8\webcheck.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 851968 c:\windows\ie8\vgx.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 851968 c:\windows\ie8\vgx.dll

+ 2011-09-13 13:42 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll

- 2009-08-11 19:42 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll

- 2009-08-11 19:42 . 2009-02-20 08:10 619520 c:\windows\ie8\urlmon.dll

+ 2011-09-13 13:42 . 2009-02-20 08:10 619520 c:\windows\ie8\urlmon.dll

- 2009-08-11 19:42 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll

+ 2011-09-13 13:42 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll

+ 2011-09-13 13:42 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe

- 2009-08-11 19:42 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe

- 2009-08-11 19:42 . 2008-04-14 12:00 532480 c:\windows\ie8\mstime.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 532480 c:\windows\ie8\mstime.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 146432 c:\windows\ie8\msrating.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 146432 c:\windows\ie8\msrating.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 146432 c:\windows\ie8\msls31.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 146432 c:\windows\ie8\msls31.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 449024 c:\windows\ie8\mshtmled.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 449024 c:\windows\ie8\mshtmled.dll

+ 2011-09-13 13:42 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll

- 2009-08-11 19:42 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 251904 c:\windows\ie8\iepeers.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 251904 c:\windows\ie8\iepeers.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 323584 c:\windows\ie8\iedkcs32.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 323584 c:\windows\ie8\iedkcs32.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 221184 c:\windows\ie8\ieakui.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 221184 c:\windows\ie8\ieakui.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 216576 c:\windows\ie8\ieaksie.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 216576 c:\windows\ie8\ieaksie.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 143360 c:\windows\ie8\ieakeng.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 143360 c:\windows\ie8\ieakeng.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 205312 c:\windows\ie8\dxtrans.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 205312 c:\windows\ie8\dxtrans.dll

- 2009-08-11 19:42 . 2008-04-14 12:00 357888 c:\windows\ie8\dxtmsft.dll

+ 2011-09-13 13:42 . 2008-04-14 12:00 357888 c:\windows\ie8\dxtmsft.dll

+ 2009-08-11 19:36 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2011-09-15 11:45 . 2011-09-15 11:45 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe

+ 2011-09-15 11:45 . 2011-09-15 11:45 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\e8e227f8d6f7e673a88df199558f48b4\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f73c94fa0013742b73f324125c580453\WindowsLive.Writer.FileDestinations.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f1353befa955f012cd30f76ad8297306\WindowsLive.Writer.HtmlParser.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f0c4570b4222b775a7a40e097a5d8065\WindowsLive.Writer.Instrumentation.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\edc5f41c43b9691ee627f6830fbd3d63\WindowsLive.Writer.SpellChecker.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d78f83ddd58e30d6b7beb63b7534f092\WindowsLive.Writer.Interop.SHDocVw.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d03ecf5f53da074d00ee83514cb01037\WindowsLive.Writer.Passport.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a1e0ab442d63b900ab191df44c9bc87d\WindowsLive.Writer.Controls.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93e2d41c89a4aec33e67d629636be312\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b820482a2d9fb2c2ca60d501d1f0fee\WindowsLive.Writer.BrowserControl.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ff7182984713139fd834adde115ae68\WindowsLive.Writer.Interop.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5ca46ae4422c6a299892ce94c321a562\WindowsLive.Writer.Localization.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\30ea49e7278bbc186912fef6cb23f8e1\WindowsLive.Writer.Extensibility.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\25b63a138fb6bb341ac5b712e87b843e\WindowsLive.Writer.BlogClient.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1eec36ce6bf0107aaff32457b9e45ded\WindowsLive.Writer.Mshtml.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0885c8aa9ae29836cc0aa61ac5b1103d\WindowsLive.Writer.Interop.Mshtml.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\3337eba040f4c0337e26225eea39a89f\WindowsLive.Client.ni.dll

+ 2011-09-13 15:53 . 2011-09-13 15:53 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll

+ 2011-09-13 15:53 . 2011-09-13 15:53 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll

+ 2011-09-13 15:53 . 2011-09-13 15:53 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll

+ 2011-09-15 11:41 . 2011-09-15 11:41 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll

+ 2011-09-15 11:41 . 2011-09-15 11:41 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll

+ 2011-09-13 15:51 . 2011-09-13 15:51 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe

+ 2011-09-15 11:45 . 2011-09-15 11:45 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe

+ 2011-09-13 15:49 . 2011-09-13 15:49 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll

+ 2011-09-13 15:49 . 2011-09-13 15:49 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll

+ 2011-09-13 15:49 . 2011-09-13 15:49 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll

+ 2011-09-13 15:49 . 2011-09-13 15:49 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe

+ 2011-09-15 11:45 . 2011-09-15 11:45 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe

Link to post
Share on other sites

+ 2011-09-15 11:40 . 2011-09-15 11:40 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2009-08-11 13:03 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys

+ 2009-08-11 13:03 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll

+ 2009-08-11 13:03 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll

+ 2008-03-20 22:06 . 2008-03-20 22:06 1480232 c:\windows\system32\LegitCheckControl.dll

- 2009-03-08 11:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll

+ 2009-03-08 08:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll

+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat

- 2009-02-07 04:07 . 2009-02-07 04:07 3698584 c:\windows\system32\ieapfltr.dat

+ 2011-09-13 14:12 . 2011-05-10 12:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaaplrc.dll

+ 2011-09-13 14:12 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\wdfcoinstaller01009.dll

+ 2009-08-11 13:03 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys

+ 2009-08-11 13:03 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2009-08-11 13:03 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll

+ 2009-12-25 00:59 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll

- 2009-12-25 00:59 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2011-04-29 01:50 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\f7232.msp

+ 2011-04-29 16:31 . 2011-04-29 16:31 9006080 c:\windows\Installer\f720a.msp

+ 2011-04-29 16:33 . 2011-04-29 16:33 8173568 c:\windows\Installer\f71eb.msp

+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\f71d1.msp

+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\d4e39.msp

+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\d4e31.msp

+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\d4e12.msp

+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\d4e0b.msp

+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\d4df2.msp

+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\d4dd8.msp

+ 2011-09-13 14:20 . 2011-09-13 14:20 5467136 c:\windows\Installer\7aaf3.msi

+ 2011-09-13 14:12 . 2011-09-13 14:12 3085312 c:\windows\Installer\7a10a.msi

+ 2011-09-13 14:11 . 2011-09-13 14:11 1984512 c:\windows\Installer\7a0fe.msi

+ 2011-09-13 14:06 . 2011-09-13 14:06 9474048 c:\windows\Installer\7a0de.msi

+ 2011-09-13 14:01 . 2011-09-13 14:01 1485312 c:\windows\Installer\79e05.msi

+ 2011-09-13 13:58 . 2011-09-13 13:58 1769984 c:\windows\Installer\79cdb.msi

+ 2011-09-13 13:55 . 2011-09-13 13:55 1710592 c:\windows\Installer\79c6e.msi

+ 2011-09-13 14:39 . 2011-09-13 14:39 4272128 c:\windows\Installer\6adc3.msi

+ 2009-08-11 19:59 . 2011-09-15 11:32 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-08-11 19:59 . 2011-05-11 07:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 11:10 . 2011-01-14 11:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

+ 2011-09-13 13:45 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll

+ 2011-09-13 13:45 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll

+ 2011-09-13 13:45 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll

- 2009-08-11 19:42 . 2009-02-20 08:11 3068416 c:\windows\ie8\mshtml.dll

+ 2011-09-13 13:42 . 2009-02-20 08:11 3068416 c:\windows\ie8\mshtml.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fdad016fef04d32712a21af80a23051d\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dc8595dc676d5134e7be100dc2713745\WindowsLive.Writer.CoreServices.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9dd26d88f17b553c4a2b2a842642735d\WindowsLive.Writer.PostEditor.ni.dll

+ 2011-09-13 15:44 . 2011-09-13 15:44 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll

+ 2011-09-13 15:53 . 2011-09-13 15:53 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll

+ 2011-09-13 15:43 . 2011-09-13 15:43 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll

+ 2011-09-13 15:53 . 2011-09-13 15:53 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll

+ 2011-09-13 15:52 . 2011-09-13 15:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll

+ 2011-09-15 11:41 . 2011-09-15 11:41 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll

+ 2011-09-13 15:52 . 2011-09-13 15:52 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll

+ 2011-09-15 11:40 . 2011-09-15 11:40 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll

+ 2011-09-13 15:51 . 2011-09-13 15:51 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll

+ 2011-09-13 15:50 . 2011-09-13 15:50 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll

+ 2011-09-15 11:43 . 2011-09-15 11:43 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll

+ 2011-09-13 15:50 . 2011-09-13 15:50 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll

+ 2011-09-15 11:48 . 2011-09-15 11:48 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll

+ 2011-09-13 15:50 . 2011-09-13 15:50 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll

+ 2011-09-13 15:49 . 2011-09-13 15:49 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll

+ 2011-09-13 15:49 . 2011-09-13 15:49 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll

+ 2011-09-13 15:43 . 2011-09-13 15:43 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll

+ 2011-09-15 11:45 . 2011-09-15 11:45 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll

+ 2011-09-15 11:49 . 2011-09-15 11:49 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll

+ 2011-09-15 11:46 . 2011-09-15 11:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-09-13 15:40 . 2011-09-13 15:40 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-04-14 07:09 . 2011-04-14 07:09 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-09-13 15:41 . 2011-09-13 15:41 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-04-14 07:10 . 2011-04-14 07:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-12-25 05:43 . 2011-09-15 11:27 46249416 c:\windows\system32\MRT.exe

+ 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll

+ 2009-12-25 00:59 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2011-09-13 15:31 . 2011-09-13 15:31 20333056 c:\windows\Installer\f7227.msp

+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\f7216.msp

+ 2011-09-13 13:45 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll

+ 2011-09-13 13:45 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll

+ 2011-09-13 15:52 . 2011-09-13 15:52 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll

+ 2011-09-15 11:44 . 2011-09-15 11:44 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll

+ 2011-09-15 11:42 . 2011-09-15 11:42 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll

+ 2011-09-13 15:51 . 2011-09-13 15:51 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll

+ 2011-09-13 15:49 . 2011-09-13 15:49 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll

+ 2011-09-13 15:48 . 2011-09-13 15:48 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll

+ 2011-09-13 15:30 . 2011-09-13 15:30 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-05-27 18:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [6/1/2010 9:14 PM 11448]

R1 MpKslf5564fac;MpKslf5564fac;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422EC310-F251-4E69-93C9-9142FCC7FAB3}\MpKslf5564fac.sys [9/16/2011 7:58 AM 28752]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/5/2011 2:57 PM 366152]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 9:59 PM 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 2:57 PM 22216]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 1:47 AM 39040]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 3:00 PM 1684736]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 8:24 AM 1015424]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLF5564FAC

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-09-16 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://pbskids.org/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Amy\Application Data\Mozilla\Firefox\Profiles\mpmfoy7q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-16 08:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2720)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-09-16 08:21:35

ComboFix-quarantined-files.txt 2011-09-16 12:21

ComboFix2.txt 2011-09-08 02:28

.

Pre-Run: 132,773,404,672 bytes free

Post-Run: 133,288,792,064 bytes free

.

- - End Of File - - E8C47EE9ECB372F082374E00019D0458

Link to post
Share on other sites

I just double checked, and what I posted is the combofix2.txt file. I did 2 posts because the log was too long to be put in one, so i cut it in half. Everything in the first few lines matches word for word to what I posted when looking at the combofix2.txt file.

Is there anything else I should do to find what you're looking for?

Link to post
Share on other sites

  • Staff

Never mind that part. My mistake.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

It went rather quick and found 0.

07:40:43.0213 2712 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

07:40:43.0619 2712 ============================================================

07:40:43.0619 2712 Current date / time: 2011/09/24 07:40:43.0619

07:40:43.0619 2712 SystemInfo:

07:40:43.0619 2712

07:40:43.0619 2712 OS Version: 5.1.2600 ServicePack: 3.0

07:40:43.0619 2712 Product type: Workstation

07:40:43.0619 2712 ComputerName: YOUR-60PTM4WI4X

07:40:43.0619 2712 UserName: Amy

07:40:43.0619 2712 Windows directory: C:\WINDOWS

07:40:43.0619 2712 System windows directory: C:\WINDOWS

07:40:43.0619 2712 Processor architecture: Intel x86

07:40:43.0619 2712 Number of processors: 2

07:40:43.0619 2712 Page size: 0x1000

07:40:43.0619 2712 Boot type: Normal boot

07:40:43.0619 2712 ============================================================

07:40:46.0291 2712 Initialize success

07:40:56.0978 3012 ============================================================

07:40:56.0978 3012 Scan started

07:40:56.0978 3012 Mode: Manual;

07:40:56.0978 3012 ============================================================

07:40:58.0072 3012 Abiosdsk - ok

07:40:58.0150 3012 abp480n5 - ok

07:40:58.0275 3012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

07:40:58.0291 3012 ACPI - ok

07:40:59.0057 3012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

07:40:59.0072 3012 ACPIEC - ok

07:40:59.0369 3012 adpu160m - ok

07:40:59.0713 3012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

07:40:59.0713 3012 aec - ok

07:41:00.0088 3012 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

07:41:00.0103 3012 AFD - ok

07:41:00.0447 3012 Aha154x - ok

07:41:00.0932 3012 aic78u2 - ok

07:41:01.0385 3012 aic78xx - ok

07:41:01.0666 3012 AliIde - ok

07:41:02.0010 3012 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

07:41:02.0666 3012 Ambfilt - ok

07:41:02.0978 3012 amsint - ok

07:41:03.0353 3012 AmUStor - ok

07:41:04.0119 3012 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys

07:41:04.0525 3012 AR5416 - ok

07:41:04.0947 3012 asc - ok

07:41:05.0228 3012 asc3350p - ok

07:41:05.0588 3012 asc3550 - ok

07:41:05.0978 3012 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys

07:41:05.0994 3012 AsUpIO - ok

07:41:06.0478 3012 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

07:41:06.0478 3012 AsusACPI - ok

07:41:06.0822 3012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

07:41:06.0838 3012 AsyncMac - ok

07:41:07.0150 3012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

07:41:07.0166 3012 atapi - ok

07:41:07.0932 3012 Atdisk - ok

07:41:08.0322 3012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

07:41:08.0322 3012 Atmarpc - ok

07:41:08.0760 3012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

07:41:08.0760 3012 audstub - ok

07:41:09.0166 3012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

07:41:09.0182 3012 Beep - ok

07:41:09.0572 3012 btaudio - ok

07:41:10.0369 3012 BTDriver - ok

07:41:10.0697 3012 BTWDNDIS - ok

07:41:11.0010 3012 btwhid - ok

07:41:11.0353 3012 BTWUSB - ok

07:41:11.0463 3012 catchme - ok

07:41:12.0010 3012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

07:41:12.0025 3012 cbidf2k - ok

07:41:12.0853 3012 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

07:41:12.0853 3012 CCDECODE - ok

07:41:13.0150 3012 cd20xrnt - ok

07:41:13.0713 3012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

07:41:13.0728 3012 Cdaudio - ok

07:41:14.0478 3012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

07:41:14.0494 3012 Cdfs - ok

07:41:15.0119 3012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

07:41:15.0119 3012 Cdrom - ok

07:41:15.0635 3012 Changer - ok

07:41:16.0525 3012 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

07:41:16.0525 3012 CmBatt - ok

07:41:16.0853 3012 CmdIde - ok

07:41:17.0400 3012 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

07:41:17.0400 3012 Compbatt - ok

07:41:17.0869 3012 Cpqarray - ok

07:41:18.0119 3012 dac2w2k - ok

07:41:18.0416 3012 dac960nt - ok

07:41:18.0947 3012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

07:41:18.0963 3012 Disk - ok

07:41:19.0635 3012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

07:41:19.0822 3012 dmboot - ok

07:41:20.0494 3012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

07:41:20.0494 3012 dmio - ok

07:41:20.0916 3012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

07:41:20.0916 3012 dmload - ok

07:41:21.0166 3012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

07:41:21.0182 3012 DMusic - ok

07:41:21.0463 3012 dpti2o - ok

07:41:21.0853 3012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

07:41:21.0853 3012 drmkaud - ok

07:41:22.0494 3012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

07:41:22.0494 3012 Fastfat - ok

07:41:22.0838 3012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

07:41:22.0838 3012 Fdc - ok

07:41:25.0416 3012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

07:41:25.0416 3012 Fips - ok

07:41:25.0807 3012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

07:41:25.0807 3012 Flpydisk - ok

07:41:26.0135 3012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

07:41:26.0135 3012 FltMgr - ok

07:41:26.0666 3012 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

07:41:26.0666 3012 fssfltr - ok

07:41:27.0541 3012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

07:41:27.0557 3012 Fs_Rec - ok

07:41:27.0807 3012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

07:41:27.0822 3012 Ftdisk - ok

07:41:28.0197 3012 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

07:41:28.0213 3012 GEARAspiWDM - ok

07:41:28.0853 3012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:41:28.0853 3012 Gpc - ok

07:41:29.0463 3012 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

07:41:29.0463 3012 HDAudBus - ok

07:41:29.0853 3012 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

07:41:29.0853 3012 HidUsb - ok

07:41:30.0557 3012 hpn - ok

07:41:31.0025 3012 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

07:41:31.0041 3012 HTTP - ok

07:41:31.0760 3012 i2omgmt - ok

07:41:32.0041 3012 i2omp - ok

07:41:32.0572 3012 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

07:41:32.0588 3012 i8042prt - ok

07:41:33.0869 3012 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

07:41:35.0291 3012 ialm - ok

07:41:36.0041 3012 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys

07:41:36.0057 3012 iaStor - ok

07:41:36.0697 3012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

07:41:36.0697 3012 Imapi - ok

07:41:36.0994 3012 ini910u - ok

07:41:38.0103 3012 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys

07:41:38.0541 3012 IntcAzAudAddService - ok

07:41:38.0853 3012 IntelIde - ok

07:41:39.0166 3012 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:41:39.0182 3012 intelppm - ok

07:41:39.0963 3012 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

07:41:39.0978 3012 Ip6Fw - ok

07:41:40.0603 3012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:41:40.0619 3012 IpFilterDriver - ok

07:41:40.0963 3012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:41:40.0963 3012 IpInIp - ok

07:41:41.0744 3012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:41:41.0744 3012 IpNat - ok

07:41:42.0182 3012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:41:42.0182 3012 IPSec - ok

07:41:42.0463 3012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

07:41:42.0478 3012 IRENUM - ok

07:41:42.0838 3012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:41:42.0838 3012 isapnp - ok

07:41:43.0432 3012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

07:41:43.0432 3012 Kbdclass - ok

07:41:43.0697 3012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

07:41:43.0713 3012 kmixer - ok

07:41:43.0916 3012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

07:41:43.0932 3012 KSecDD - ok

07:41:44.0228 3012 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

07:41:44.0228 3012 L1c - ok

07:41:44.0572 3012 lbrtfdc - ok

07:41:44.0697 3012 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

07:41:44.0713 3012 MBAMProtector - ok

07:41:44.0822 3012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

07:41:44.0822 3012 mnmdd - ok

07:41:44.0916 3012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

07:41:44.0916 3012 Modem - ok

07:41:45.0057 3012 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

07:41:45.0150 3012 Monfilt - ok

07:41:45.0744 3012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:41:45.0744 3012 Mouclass - ok

07:41:45.0807 3012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

07:41:45.0822 3012 mouhid - ok

07:41:45.0963 3012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

07:41:46.0041 3012 MountMgr - ok

07:41:46.0682 3012 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

07:41:46.0697 3012 MpFilter - ok

07:41:46.0807 3012 MpKsl07bb101e (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45015960-2C37-432B-8B5A-119AC200A2DE}\MpKsl07bb101e.sys

07:41:46.0807 3012 MpKsl07bb101e - ok

07:41:46.0994 3012 mraid35x - ok

07:41:47.0103 3012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:41:47.0103 3012 MRxDAV - ok

07:41:47.0244 3012 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

07:41:47.0275 3012 MRxSmb - ok

07:41:47.0728 3012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

07:41:47.0744 3012 Msfs - ok

07:41:47.0838 3012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:41:47.0838 3012 MSKSSRV - ok

07:41:47.0932 3012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:41:47.0932 3012 MSPCLOCK - ok

07:41:48.0010 3012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

07:41:48.0025 3012 MSPQM - ok

07:41:48.0166 3012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:41:48.0166 3012 mssmbios - ok

07:41:48.0557 3012 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

07:41:48.0572 3012 MSTEE - ok

07:41:48.0885 3012 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

07:41:48.0885 3012 Mup - ok

07:41:49.0119 3012 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

07:41:49.0135 3012 NABTSFEC - ok

07:41:49.0791 3012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

07:41:49.0807 3012 NDIS - ok

07:41:50.0072 3012 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

07:41:50.0088 3012 NdisIP - ok

07:41:50.0291 3012 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:41:50.0291 3012 NdisTapi - ok

07:41:50.0353 3012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:41:50.0353 3012 Ndisuio - ok

07:41:50.0494 3012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:41:50.0510 3012 NdisWan - ok

07:41:50.0572 3012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

07:41:50.0572 3012 NDProxy - ok

07:41:50.0635 3012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

07:41:50.0635 3012 NetBIOS - ok

07:41:50.0963 3012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

07:41:50.0978 3012 NetBT - ok

07:41:51.0088 3012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

07:41:51.0103 3012 Npfs - ok

07:41:51.0150 3012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

07:41:51.0166 3012 Ntfs - ok

07:41:51.0228 3012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

07:41:51.0228 3012 Null - ok

07:41:51.0275 3012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

07:41:51.0291 3012 NwlnkFlt - ok

07:41:51.0307 3012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

07:41:51.0307 3012 NwlnkFwd - ok

07:41:51.0557 3012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

07:41:51.0557 3012 Parport - ok

07:41:51.0978 3012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

07:41:51.0978 3012 PartMgr - ok

07:41:52.0338 3012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

07:41:52.0338 3012 ParVdm - ok

07:41:52.0666 3012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

07:41:52.0666 3012 PCI - ok

07:41:53.0197 3012 PCIDump - ok

07:41:53.0650 3012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

07:41:53.0666 3012 PCIIde - ok

07:41:54.0275 3012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

07:41:54.0291 3012 Pcmcia - ok

07:41:54.0525 3012 PDCOMP - ok

07:41:54.0947 3012 PDFRAME - ok

07:41:55.0135 3012 PDRELI - ok

07:41:55.0182 3012 PDRFRAME - ok

07:41:55.0213 3012 perc2 - ok

07:41:55.0228 3012 perc2hib - ok

07:41:55.0353 3012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

07:41:55.0353 3012 PptpMiniport - ok

07:41:55.0557 3012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

07:41:55.0557 3012 PSched - ok

07:41:55.0994 3012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

07:41:55.0994 3012 Ptilink - ok

07:41:56.0213 3012 ql1080 - ok

07:41:56.0338 3012 Ql10wnt - ok

07:41:56.0588 3012 ql12160 - ok

07:41:56.0869 3012 ql1240 - ok

07:41:57.0244 3012 ql1280 - ok

07:41:57.0994 3012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

07:41:58.0010 3012 RasAcd - ok

07:41:58.0260 3012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

07:41:58.0260 3012 Rasl2tp - ok

07:41:58.0541 3012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

07:41:58.0541 3012 RasPppoe - ok

07:41:58.0682 3012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

07:41:58.0682 3012 Raspti - ok

07:41:59.0213 3012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

07:41:59.0213 3012 Rdbss - ok

07:41:59.0557 3012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

07:41:59.0557 3012 RDPCDD - ok

07:42:00.0119 3012 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

07:42:00.0135 3012 RDPWD - ok

07:42:00.0385 3012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

07:42:00.0400 3012 redbook - ok

07:42:00.0963 3012 RT80x86 (97b59ce2cfbb0884a16ddd8f1781812b) C:\WINDOWS\system32\DRIVERS\RT2860.sys

07:42:01.0135 3012 RT80x86 - ok

07:42:01.0478 3012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

07:42:01.0478 3012 Secdrv - ok

07:42:01.0885 3012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

07:42:01.0885 3012 Serial - ok

07:42:02.0322 3012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

07:42:02.0322 3012 Sfloppy - ok

07:42:02.0588 3012 Simbad - ok

07:42:02.0916 3012 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

07:42:02.0932 3012 SLIP - ok

07:42:03.0322 3012 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys

07:42:03.0650 3012 SNP2UVC - ok

07:42:03.0947 3012 Sparrow - ok

07:42:04.0088 3012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

07:42:04.0103 3012 splitter - ok

07:42:04.0463 3012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

07:42:04.0463 3012 sr - ok

07:42:04.0994 3012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

07:42:05.0057 3012 Srv - ok

07:42:05.0369 3012 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

07:42:05.0369 3012 streamip - ok

07:42:05.0666 3012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

07:42:05.0666 3012 swenum - ok

07:42:05.0963 3012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

07:42:05.0978 3012 swmidi - ok

07:42:06.0244 3012 symc810 - ok

07:42:06.0447 3012 symc8xx - ok

07:42:06.0697 3012 sym_hi - ok

07:42:06.0932 3012 sym_u3 - ok

07:42:07.0338 3012 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys

07:42:07.0353 3012 SynTP - ok

07:42:07.0619 3012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

07:42:07.0619 3012 sysaudio - ok

07:42:07.0994 3012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

07:42:08.0244 3012 Tcpip - ok

07:42:08.0619 3012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

07:42:08.0619 3012 TDPIPE - ok

07:42:09.0072 3012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

07:42:09.0088 3012 TDTCP - ok

07:42:09.0713 3012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

07:42:09.0713 3012 TermDD - ok

07:42:10.0166 3012 TosIde - ok

07:42:10.0494 3012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

07:42:10.0510 3012 Udfs - ok

07:42:10.0807 3012 ultra - ok

07:42:10.0932 3012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

07:42:10.0994 3012 Update - ok

07:42:11.0322 3012 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

07:42:11.0400 3012 USBAAPL - ok

07:42:11.0697 3012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

07:42:11.0697 3012 usbccgp - ok

07:42:12.0072 3012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

07:42:12.0088 3012 usbehci - ok

07:42:12.0260 3012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

07:42:12.0275 3012 usbhub - ok

07:42:12.0338 3012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

07:42:12.0338 3012 usbscan - ok

07:42:12.0603 3012 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

07:42:12.0603 3012 usbstor - ok

07:42:12.0853 3012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

07:42:12.0853 3012 usbuhci - ok

07:42:12.0994 3012 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

07:42:13.0010 3012 usbvideo - ok

07:42:13.0463 3012 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys

07:42:13.0463 3012 uvclf - ok

07:42:13.0791 3012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

07:42:13.0791 3012 VgaSave - ok

07:42:14.0166 3012 ViaIde - ok

07:42:14.0260 3012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

07:42:14.0275 3012 VolSnap - ok

07:42:14.0588 3012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

07:42:14.0588 3012 Wanarp - ok

07:42:14.0713 3012 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

07:42:14.0744 3012 Wdf01000 - ok

07:42:14.0932 3012 WDICA - ok

07:42:15.0010 3012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

07:42:15.0010 3012 wdmaud - ok

07:42:15.0385 3012 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

07:42:15.0385 3012 WpdUsb - ok

07:42:15.0760 3012 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

07:42:15.0760 3012 WS2IFSL - ok

07:42:16.0135 3012 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

07:42:16.0135 3012 WSTCODEC - ok

07:42:16.0432 3012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:42:16.0432 3012 WudfPf - ok

07:42:16.0682 3012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:42:16.0682 3012 WudfRd - ok

07:42:16.0760 3012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

07:42:19.0353 3012 \Device\Harddisk0\DR0 - ok

07:42:19.0369 3012 Boot (0x1200) (8d0c98acf07e1c09bdefee5ebdfb8ca2) \Device\Harddisk0\DR0\Partition0

07:42:19.0385 3012 \Device\Harddisk0\DR0\Partition0 - ok

07:42:19.0385 3012 ============================================================

07:42:19.0385 3012 Scan finished

07:42:19.0385 3012 ============================================================

07:42:19.0416 3160 Detected object count: 0

07:42:19.0416 3160 Actual detected object count: 0

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=816e28e800c3ec4f8c32b5cdac34f009

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-27 02:30:10

# local_time=2011-09-27 10:30:10 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16774142 0 1 120344 120344 0 0

# compatibility_mode=5891 16776533 42 87 0 13059628 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=56544

# found=0

# cleaned=0

# scan_time=5455

Security Check:

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Flash Player Out of Date!

Adobe Flash Player 10.2.152.32

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

All issues that were present when I first presented the problem have ceased. As you can see, I have installed Mozilla & MSE to run as the antivirus. I have done all Windows Updates as this machine for some reason had them turned off. I have also installed the latest versions of Mozilla & IE. The machine seems to be running normal. I will await your input as to if you think the machine is clean.

Thank you again so much for your time,

Michael

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 26

Adobe Reader 8.0

Adobe Flash Player 10.2.152.32

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.