Hello,

I've run the Malwarebytes scan and it came up with 2 infected files, one of the was quarantined and deleted successfully, the other one is supposed to be deleted upon restart, but it doesn't.

Here are my logs:

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 6.0.6001 Service Pack 1

8/7/2009 4:53:48 PM
mbam-log-2009-08-07 (16-53-48).txt

Scan type: Quick Scan
Objects scanned: 86796
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:12 PM, on 8/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DNP] C:\Program Files\Desktop Notepad\Desktop Notepad.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.bat.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 13388 bytes





Any help is appreciated! Thanks

Hi I3randon And Welcome to Malwarebytes!


Download RootRepeal:
http://rootrepeal.googlepages.com/RootRepeal.zip

• Extract the archive to a folder you create such as C:\RootRepeal
• Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator).
• Click the "File" tab (located at the bottom of the RootRepeal screen)
• Click the "Scan" button
• In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
• Click OK and the file scan will begin
• When the scan is done, there will be files listed, but most if not all of them will be legitimate
• Click the "Save Report" Button
• Save the log file to your Documents folder
• Post the content of the RootRepeal file scan log in your next reply.

Thanks for the reply Kenny94, here's the RootRepeal Log:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/08 11:51
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{409F0~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{48a8f4b6-61a9-11de-8e87-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9a95fac9-6753-11de-9d0e-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9a95fad1-6753-11de-9d0e-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9a95fad7-6753-11de-9d0e-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a6f3c9f1-64a7-11de-ba96-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{DB3B8~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1659B~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1a7a7e2b-629d-11de-bf2f-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{243eebf2-6cab-11de-a8a0-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{337C1~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{337C1~2
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\UACbteplxwpnoswrrdwh.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACfpyohmpsxcxasrdar.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\UAChqvbtxltuauwdhaxc.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACkirreecvmpqlhcdfv.db
Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACobmxkmoxitwxfywms.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACsrqddvspjptiqrxns.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\uactmp.db
Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACumtneufxlhfpqkmiq.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\mcmsc_bifvud8gvgqlb1k
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_4zmxk1wiiordrby
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Windows\Temp\UAC1534.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC1988.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC25d7.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC298f.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC2b72.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC2da4.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACb74.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACc36d.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACc782.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACcb1b.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACcd1d.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACcfeb.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACed79.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACef3e.tmp
Status: Invisible to the Windows API!

Path: c:\programdata\pure networks\log\logfile.nmsrvc_exe.txt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Users\Brandon\Desktop\UACfpyohmpsxcxasrdar.dll
Status: Invisible to the Windows API!

Path: C:\Users\Brandon\Desktop\UAChqvbtxltuauwdhaxc.dll
Status: Invisible to the Windows API!

Path: C:\Users\Brandon\Desktop\UACobmxkmoxitwxfywms.dll
Status: Invisible to the Windows API!

Path: C:\Users\Brandon\Desktop\UACumtneufxlhfpqkmiq.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\UACcpygoifntxnmtppiw.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3c
e6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d21850
4d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053
e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc
0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_765
8964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d
d7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c
0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c
2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_588
43c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a
620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003
bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d
131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ab
ac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11d
f268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e5070
87.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5
6e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b
5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cd
a6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638
6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fd
d9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641e
f282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9
d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182
ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~1.TAS
Status: Locked to the Windows API!

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.001
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.002
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.003
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\logfiles\scm\scm.evm
Status: Allocation size mismatch (API: 1572864, Raw: 0)

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Users\Brandon\AppData\Local\Temp\UACfb7e.tmp
Status: Invisible to the Windows API!

Path: C:\Users\Brandon\AppData\Local\Temp\fla458E.tmp
Status: Invisible to the Windows API!

Path: C:\Users\Brandon\AppData\Local\Temp\flaB61C.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.crwl
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.gthr
Status: Allocation size mismatch (API: 136, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\urlclassifier3.sqlite
Status: Allocation size mismatch (API: 41803776, Raw: 41791488)

Path: C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3YH2423\acCAP6S53O.htm
Status: Visible to the Windows API, but not on disk.

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_001_
Status: Allocation size mismatch (API: 327680, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_002_
Status: Allocation size mismatch (API: 327680, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_003_
Status: Allocation size mismatch (API: 720896, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_map_
Status: Allocation size mismatch (API: 280, Raw: 0)

Run Rootrepeal file scan only.

Highlight the following line and right click on it. Select *wipe file*

Path: C:\Windows\System32\drivers\UACcpygoifntxnmtppiw.sys
Status: Invisible to the Windows API!
Then reboot immediately!!


Next

• Launch Malwarebytes' Anti-Malware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

After wiping that file, my computer worked without being in safe mode for the first time since it was infected. Also, my McAfee is working again and quarantined some files while the Malwarebytes scan was running. Here are the results from the latest MB scan:



Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 6.0.6001 Service Pack 1

8/8/2009 2:51:15 PM
mbam-log-2009-08-08 (14-51-15).txt

Scan type: Quick Scan
Objects scanned: 89638
Time elapsed: 30 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\UACfpyohmpsxcxasrdar.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\system32\UAChqvbtxltuauwdhaxc.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\system32\UACobmxkmoxitwxfywms.dll (Rogue.Agent) -> Quarantined and deleted successfully.
c:\windows\system32\UACsrqddvspjptiqrxns.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\temp\UAC1534.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
c:\windows\temp\UAC25d7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\temp\UAC298f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\temp\UAC2b72.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\UAC2da4.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\temp\UACb74.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
c:\windows\temp\UACc782.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\temp\UACcd1d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\System32\UACumtneufxlhfpqkmiq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\UACcpygoifntxnmtppiw.sys (Trojan.Agent) -> Quarantined and deleted successfully.

If you notice the file we wiped, played a jedi mind trick. Now there exposed and malwarebytes drop a train on them. But the next version of MBAM will be able to deal with this rootkit from the get go....:-) Still have work to do...

Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   • Tools->Options->Main tab
   • Set to "Always ask me where to Save the files".
2. During the download, rename Combofix to Combo-Fix as follows:
   
   
   
   
   
   
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   -----------------------------------------------------------
   
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     
     -----------------------------------------------------------
   
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
   
   
   -----------------------------------------------------------
7. Double click on combo-Fix.exe & follow the prompts.
8. When finished, it will produce a report for you.
9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

After ComboFix restarted the computer, Firefox won't start and I get this message:

"Illegal operation attempted on a registry key that has been marked for deletion."

Anyways, here's the ComboFix log:



ComboFix 09-08-07.09 - Brandon 08/08/2009 15:37.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1854 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-2873835703-867658926-3654523082-500
c:\windows\jestertb.dll
c:\windows\system32\UACbteplxwpnoswrrdwh.dat
c:\windows\system32\UACkirreecvmpqlhcdfv.db
c:\windows\system32\uactmp.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-08 19:44 . 2009-08-08 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-08 18:58 . 2009-08-08 18:58 -------- d-sh--w- C:\found.000
2009-08-08 17:40 . 2009-08-08 17:40 -------- d-----w- C:\RootRepeal
2009-08-08 17:38 . 2009-08-08 17:38 -------- d-----w- c:\users\Brandon\LB
2009-08-07 20:42 . 2009-08-07 20:42 -------- d-----w- c:\program files\Trend Micro
2009-08-07 20:40 . 2009-08-07 20:40 812344 ----a-w- c:\users\Brandon\HJTInstal.exe
2009-08-07 17:41 . 2009-08-07 17:42 -------- d-----w- c:\program files\ATtest
2009-08-07 17:41 . 2009-08-07 17:41 249856 ------w- c:\windows\Setup1.exe
2009-08-07 17:41 . 2009-08-07 17:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-02 21:47 . 2009-08-02 21:47 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
2009-08-02 21:27 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 21:27 . 2009-08-02 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 21:27 . 2009-08-02 21:27 -------- d-----w- c:\programdata\Malwarebytes
2009-08-02 21:27 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 21:07 . 2009-08-02 21:27 -------- d-----w- c:\users\Brandon\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]
2009-07-29 13:48 . 2009-07-29 13:48 -------- d-----w- c:\users\Brandon\AppData\Local\SupportSoft
2009-07-24 04:07 . 2009-07-24 04:07 -------- d-----w- c:\users\Brandon\AppData\Roaming\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 00:39 . 2008-12-24 21:01 -------- d-----w- c:\users\Brandon\AppData\Roaming\uTorrent
2009-08-07 20:37 . 2008-12-28 16:41 6648 ----a-w- c:\users\Brandon\AppData\Local\d3d9caps.dat
2009-07-22 17:03 . 2009-01-08 18:36 -------- d-----w- c:\programdata\FLEXnet
2009-07-12 16:37 . 2008-12-16 23:45 -------- d-----w- c:\programdata\McAfee
2009-07-12 16:29 . 2008-12-16 23:45 -------- d-----w- c:\program files\McAfee
2009-07-05 20:32 . 2009-05-10 00:16 -------- d-----w- c:\program files\NavNet
2009-07-05 20:28 . 2009-03-08 02:32 -------- d-----w- c:\program files\Common Files\AOL
2009-07-05 20:27 . 2009-05-05 23:17 -------- d-----w- c:\program files\PhotoFucket
2009-06-27 20:19 . 2008-12-16 23:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 16:41 . 2008-12-16 23:53 -------- d-----w- c:\programdata\CyberLink
2009-06-24 16:39 . 2009-06-24 16:39 -------- d-----w- c:\users\Brandon\AppData\Roaming\CyberLink
2009-06-24 16:38 . 2009-06-24 16:38 -------- d-----w- c:\program files\Common Files\CyberLink
2009-06-24 16:35 . 2008-12-16 23:53 -------- d-----w- c:\program files\CyberLink
2009-06-24 16:34 . 2009-06-24 16:35 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-24 16:34 . 2008-12-16 23:53 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-24 16:34 . 2008-12-16 23:53 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-24 16:28 . 2009-06-24 16:29 53319 ----a-w- c:\programdata\TEMP\{307BD415-B3E6-4E60-962A-FEF793237322}\PostBuild.exe
2009-06-24 01:24 . 2009-01-08 18:26 -------- d-----w- c:\programdata\Rosetta Stone
2009-06-24 01:19 . 2009-06-24 01:19 -------- d-----w- c:\program files\Rosetta Stone
2009-06-23 22:17 . 2009-06-23 21:43 -------- d-----w- c:\program files\iTunes
2009-06-23 21:43 . 2009-06-23 21:43 -------- d-----w- c:\program files\iPod
2009-06-23 21:43 . 2008-12-24 21:20 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 21:41 . 2009-06-23 21:40 -------- d-----w- c:\program files\QuickTime
2009-06-23 21:31 . 2009-06-23 21:31 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 17:27 . 2008-12-25 19:12 -------- d-----w- c:\programdata\dl_Cats
2009-06-21 16:54 . 2008-12-24 19:06 104192 ----a-w- c:\users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 16:53 . 2009-06-21 16:54 162132 ----a-w- c:\windows\Fonts\Verdimka-Italic.ttf
2009-06-21 16:53 . 2009-06-21 16:54 159632 ----a-w- c:\windows\Fonts\Verdimka-Bold-Italic.ttf
2009-06-21 16:53 . 2009-06-21 16:54 147860 ----a-w- c:\windows\Fonts\Verdimka.ttf
2009-06-21 16:53 . 2009-06-21 16:54 143620 ----a-w- c:\windows\Fonts\Verdimka-bold.ttf
2009-06-20 18:35 . 2009-06-20 17:47 -------- d-----w- c:\program files\The KMPlayer
2009-06-20 16:56 . 2009-06-20 16:56 -------- d-----w- c:\program files\Lame for Audacity
2009-06-18 05:02 . 2009-06-18 05:02 -------- d-----w- c:\program files\Xvid
2009-06-15 12:11 . 2008-12-25 22:15 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 01:09 . 2009-06-23 22:17 4250852 ----a-w- c:\windows\Fonts\iTunes Bold.ttf
2009-06-13 01:09 . 2009-06-23 22:17 3987680 ----a-w- c:\windows\Fonts\iTunes.ttf
2009-06-11 13:36 . 2008-12-16 23:49 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 19:55 . 2009-06-10 19:55 -------- d-----w- c:\program files\Western Digital
2009-06-10 19:54 . 2009-06-10 19:54 -------- d-----w- c:\program files\Western Digital Corporation
2009-06-07 20:24 . 2009-06-08 22:28 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-07 20:16 . 2009-06-08 22:28 819200 ----a-w- c:\windows\system32\xvidcore.dll
2008-12-16 23:45 . 2008-12-24 20:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-16 23:52 . 2008-12-16 23:52 76 --sh--r- c:\windows\CT4CET.bin
2008-12-17 00:51 . 2008-12-17 00:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-16 39408]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-18 145944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-06-24 91432]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll" [2008-09-17 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{83EBE4D4-420E-4770-A6EA-72C1B6139ACC}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{5DA30AFC-D792-46F0-AAD1-B06D75914C5C}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{3276E660-7CEC-4959-AD16-340C5B4CDDF1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{63B77538-D270-49E2-BDB7-E26C92616C65}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E2D0029C-0CDF-4081-9401-68CF7AF8732E}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{D05DE99F-D323-4130-963F-6181DBABB181}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{AFEA741D-E902-42A5-AEB6-77F5762AD625}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{5BF27FD1-310A-42DA-B3B6-48FAF15C1F11}"= UDP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{FED72049-7622-4DDB-87EC-7B84366DD52A}"= TCP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{02B4B086-FA54-473E-831E-A7FB64D1501B}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{C688789D-9D25-4278-A4B7-2FFC86A4C565}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{D33E9505-6F0A-491E-A514-5E255FAF86AF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{96A6E6BE-03B2-4AA1-8E4A-0A05B4628D05}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3E77C399-2295-42C2-B5DF-7E1F7C00E271}"= UDP:c:\windows\System32\dldtcoms.exe:V305 Server
"{6E87E812-B5B6-4C80-9EB7-09029BE3D566}"= TCP:c:\windows\System32\dldtcoms.exe:V305 Server
"{9D2A0E06-BE68-4E98-AD26-B03084332911}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AA8755D8-C835-4B5F-991E-D1DC541704F8}"= Disabled:UDP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{DEC841EC-3E88-4919-8F1D-8B1670DBACB3}"= Disabled:TCP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{5922F539-6744-42E2-83B8-109F30836DC2}"= UDP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (TCP-In)
"{00E20032-68C0-4940-9FE3-A9038AEB0C66}"= TCP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (UDP-In)
"{D1D21194-0F4E-4B52-9B0F-EBC3FE0EBBEB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8BE3EA4B-5691-4A3C-B292-0C79730B7B6B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E0BE5A99-AA27-4149-B223-1A6400F4B02D}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{FBAD8F50-A553-4441-85F3-941612C4BBF4}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{C569B9A3-8CEF-40DC-AA5B-A76C820B178B}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{0E0FCDA2-C2AD-4FBA-9DE0-647274A1039B}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{7C90511D-4A71-4A41-AEEE-758FF6DAAE80}c:\\program files\\bohemia interactive\\arma\\arma.exe"= UDP:c:\program files\bohemia interactive\arma\arma.exe:ArmA
"UDP Query User{04E2D00C-C683-4622-BBC5-20E19FFEDFC6}c:\\program files\\bohemia interactive\\arma\\arma.exe"= TCP:c:\program files\bohemia interactive\arma\arma.exe:ArmA
"TCP Query User{A9F4ACD7-F98C-4127-913A-1ACD4270CEE3}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"UDP Query User{2C7C9D74-7D17-4E20-83D4-B2576DF9354F}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"TCP Query User{8B2D711B-4638-4ED9-A25C-2F83B2CFF680}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{02ED14D3-38E8-48DD-995B-84F3543B566A}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"{4F0188FC-6227-4965-B077-607E250234CF}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F50E3B51-7E9B-41B8-9351-F5732E0BC121}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{9F4749D8-F8D4-41FE-B735-B280F82C02D2}c:\\program files\\corel\\dvd9\\windvd.exe"= UDP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"UDP Query User{A0A8ABF6-D28A-4B23-BE7C-AD8050BA815D}c:\\program files\\corel\\dvd9\\windvd.exe"= TCP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"{C08916A0-B3F0-4C38-8EAD-F305A3FD4E80}"= UDP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (TCP-In)
"{BB1A5692-3A89-4301-8B8C-49D4DF182310}"= TCP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (UDP-In)
"{AAB92EDE-AAD6-47AD-B112-C4278DA22C85}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FEB2FB92-5A6D-4B6C-BFA2-77A761F0295A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B29E131E-EB0F-4EFC-B95A-590CCCF7C4B7}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{BABC665E-F652-4A37-BEC8-7C75850CA3C5}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{ECEBB919-64E0-455F-8067-7311AD54222C}"= TCP:67:DHCP Discovery Service
"{E83E16F2-4C9C-4EC0-82CD-4F009113D2B9}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{A312F297-7BB3-4116-8535-E6DB76A6D61E}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{3981A14B-82DB-46F8-92AB-3B40013947A2}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"UDP Query User{BFA43B18-BFCC-4EE1-96DE-8C168531A418}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"TCP Query User{8A5B3753-C0A8-4515-96C2-B0E1FFBDDCAA}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{BACB5001-B936-4CD9-BF94-FF891DB6F3D8}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"TCP Query User{CC54EA53-A8CA-4EA1-9C7A-2B214504AFCD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{95626CA2-E99A-4360-9F7B-F811751A4CCC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{07EB25C7-D697-4E7D-94E7-9B8904D98DB0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{10B47747-A986-40B2-9680-211029088F15}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B74BA92B-25BE-4063-9532-78A083D1A0EB}"= UDP:5353:Adobe CSI CS4
"{29E554A0-21D5-45BB-8C80-52A2A7A8E5EA}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F70A48F7-69AD-401A-8AD0-D85FA9226A8B}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{8B2F7E38-6094-4DE7-BBFA-C76729CCC0E6}"= UDP:3703:Adobe Version Cue CS4 Server
"{ADB4A37E-5526-49B2-BC05-344F6687D986}"= UDP:3704:Adobe Version Cue CS4 Server
"{397A7695-A3E5-4D70-8920-8482AC1ED959}"= UDP:51000:Adobe Version Cue CS4 Server
"{1B48C767-F255-40BC-A80A-4D275D9CF666}"= UDP:51001:Adobe Version Cue CS4 Server
"{5C027302-A250-43D3-B203-01C59C4F7916}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{560AE378-2AFA-4B2F-8445-4E7DD661DB5B}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{417BD20A-AA5D-4085-9D94-728E9528B7C8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0F878590-77B0-4DBF-BEA2-66AC33EABAC2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{74DBDB92-FC02-469A-BFEF-9D9C34F5C8F4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{16D936E0-F492-406C-96E8-0F52073E6FC3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{70C44E82-B287-4B91-9F1B-99F25046D5B2}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"UDP Query User{B6C288BB-379F-4AAB-AD9F-5F9F63D7AB6B}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"TCP Query User{4DFF0279-A1CA-4B1C-8533-9B01BA55F9CE}c:\\users\\brandon\\downloads\\torrents\\left.4.dead.full-rip.skullptura\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= UDP:c:\users\brandon\downloads\torrents\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{A27675BE-C887-407E-960D-7654F21147C6}c:\\users\\brandon\\downloads\\torrents\\left.4.dead.full-rip.skullptura\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= TCP:c:\users\brandon\downloads\torrents\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"{FA746B78-F747-4F43-B0E6-FA43F436A626}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{FB6D18D0-60F8-44C3-90E2-4F13866AAEF6}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{E909E2FF-A708-42C0-8F23-7E73FCD9FEB2}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{361C93C3-FDB9-4145-80EC-C38B9CFF2CD4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{57061080-9DEB-4CCC-98CF-1FD7A213A673}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{608650D9-0567-4B33-9367-E67BEC08BC90}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{C0189F08-AEFB-45C9-BF62-7536AAE5418D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C978A9B0-4D40-4BC5-8B9B-D9FF67751B92}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{CC1AB3BA-32E5-4AAA-A331-86B0B5341310}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B564F6F0-DA3A-464E-8666-031D0516A753}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{9CD34495-1988-43D8-93EF-B1F12F15E287}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"UDP Query User{4DD8914C-E120-4DD7-A76E-76422E68417E}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{413B7B6A-C2EB-48F8-A046-65F510A6ADAA}"= TCP:67:DHCP Discovery Service
"{7981B309-AFFD-4084-AD91-815025BAEA59}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{B9479245-6BC3-40D2-9635-FEA8E96E98AA}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{859F62A1-403E-4913-805F-9A5D4D8E6B10}c:\\users\\brandon\\downloads\\new folder\\utorrent.exe"= UDP:c:\users\brandon\downloads\new folder\utorrent.exe:utorrent.exe
"UDP Query User{7E80C1C0-ADBD-48B8-BE23-7BE72ACE0BC6}c:\\users\\brandon\\downloads\\new folder\\utorrent.exe"= TCP:c:\users\brandon\downloads\new folder\utorrent.exe:utorrent.exe
"{8437E028-A85A-4AA9-B203-C0FB2BDF0CE7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BC1A49B0-7300-4855-ACB6-2E76F97D5552}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{402351C0-CAFD-4C8A-937C-C36D11D06561}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{F1082134-CF0A-424F-8304-6A34A80F6C49}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{970F42F2-64E7-4D0C-A4EB-3D0A5BE3F36C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B4870AA1-A182-4FE1-8253-C14BCE1E7714}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8B14894A-9F7F-4299-A472-59E3A47C1D43}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{7154ED56-7482-404D-B968-59B9B8ACC734}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{D04A3B03-AF48-4BBC-A0EB-F63EFDF77113}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C6F32EE2-4E27-46A3-9732-8089BA85DAF2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B3D5976D-72A1-4DAD-BDEF-632C4BD289DF}c:\\users\\brandon\\documents\\my games\\left 4 dead\\left4dead.exe"= UDP:c:\users\brandon\documents\my games\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{C1CEB6D3-71F9-4D64-98CC-E528B2E2B0E8}c:\\users\\brandon\\documents\\my games\\left 4 dead\\left4dead.exe"= TCP:c:\users\brandon\documents\my games\left 4 dead\left4dead.exe:left4dead.exe
"{B9C83106-D278-4AF9-863F-4B1DB4680D31}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{0FCC08F5-19E0-4E20-B9C1-FD04D9532B6E}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{BBD3E1E4-E281-48B6-AB1E-313808934264}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AA2052AA-9FE2-447D-91AB-1CF8DCCDF62C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8B76376D-8B64-4B64-A2A8-8FB64BAC7D3F}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{197D8A14-1FCE-48E5-9D51-B8A3D3BBDA1D}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{6CF5E2EA-A038-4899-A914-82FDC5D3A9E5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FCECA3D6-5FEE-4618-9547-53811F68C533}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{040E7865-A8C8-4481-A76F-58468AFAB90C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4617E45F-8D52-4752-985E-403C7173F252}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{53BB006C-C402-4319-A44F-C75EE82CC943}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{EFDC1CF0-BD88-4C9B-92B2-860F38FA8CAC}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"{085B09F6-64F7-4941-835D-00D8ABAD4BE8}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{8718FEAD-D596-4A96-9F75-5E2922E6B8F1}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{AE51EC29-4960-4F30-8E8A-A839162E8ADD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DF0F80B5-56A0-493F-82BE-DF87680A200F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{BBAD0EBD-BA1D-411B-B19F-493C9D6CA653}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{532E270B-2C21-404D-92DC-7AEB30D43953}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{6230EC30-B3C3-4ABF-A43F-1E821B12BF62}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{83EDB4EE-8770-452A-993B-C27E82320B49}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{362ED3DD-7D1B-46DB-BE10-D43109DBC23C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1FBE544D-2FB2-4AF9-A6FF-F7BA6144FC12}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{9B6A9CA4-3E0F-4DD9-966A-8598C6809566}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{1CE637DA-AC58-4303-97BC-0FFBE22E5B9F}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{8E3DA0E5-D01A-49C0-8066-9264728BE30C}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{334795D2-1775-40D0-B812-24E21E3FE600}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{607E302F-CFD0-4471-AC4D-9BB9F9BB7589}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D04CE70B-93AC-4FB4-AADA-1B97C2ED1C17}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{56251AA4-946D-4218-B6D0-C7FE955C3BA9}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe [12/16/2008 9:04 PM 73728]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/9/2009 12:51 PM 210216]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/16/2008 9:04 PM 113664]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [12/16/2008 9:04 PM 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [12/16/2008 9:04 PM 203264]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [8/2/2009 5:27 PM 19096]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [12/16/2008 9:04 PM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [12/16/2008 9:04 PM 277632]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2009 5:27 PM 211216]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/16/2008 7:45 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-27 14:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-27 14:53]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DNP - c:\program files\Desktop Notepad\Desktop Notepad.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081217
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 15:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2873835703-867658926-3654523082-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):fe,f9,02,01,49,51,2d,a9,51,ce,c1,b9,cc,fa,8d,f0,21,da,c3,c8,27,
a2,da,bb,f8,d8,30,8b,17,45,c3,61,6a,a3,23,10,14,95,87,a9,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2873835703-867658926-3654523082-1000_Classes\CLSID\{f310d0cc-7f52-40b9-b20d-ea09c65043ee}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000037
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,f8,0b,f2,c4,7d,43,2e,bd,6a,e5,31,bf,56,c8,9e,be,15,3a,96,84,18,94,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6020)
c:\program files\RocketDock\RocketDock.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dldtcoms.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-08 15:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-08 19:56

Pre-Run: 110,850,265,088 bytes free
Post-Run: 111,474,376,704 bytes free

395 --- E O F --- 2009-06-15 12:12

Let me know if Firefox is working after you are done...?



Open Notepad and copy and paste the text in the code box below into it:



Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.



There are some older versions of Java on your computer. These can be a source of infection.

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 15.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u15-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u15-windows-i586.exe and select "Run as an Administrator.")

In your next reply, please include these log(s):


CFScript.txt

HijackThis log (new)

Also, please let me know how things are running now?

I'm sorry about the delay, I've been having network problems. Here are the logs:

(The whole log won't fit in one response so I'll have to split it into parts)

ComboFix:


ComboFix 09-08-10.06 - Brandon 08/11/2009 19:52.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1933 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Brandon\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"C:\found.000"
"c:\windows\Setup1.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Setup1.exe


.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 23:59 . 2009-08-11 23:59 -------- d-----w- c:\users\Brandon\AppData\Local\temp
2009-08-11 23:59 . 2009-08-11 23:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-11 23:59 . 2009-08-11 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 19:28 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-10 19:28 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-10 19:28 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-10 19:28 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-10 19:28 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-10 19:27 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-10 19:27 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-10 16:43 . 2009-08-10 16:43 -------- d-----w- c:\users\Brandon\AppData\Local\Cooliris
2009-08-10 16:43 . 2009-07-07 02:44 937984 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-08-10 16:43 . 2009-07-07 02:44 65536 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-08-10 16:43 . 2009-07-07 02:44 4722688 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-08-10 16:43 . 2009-07-07 02:44 344064 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-08-10 16:43 . 2009-07-07 02:44 106496 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-08-10 16:43 . 2009-07-07 02:44 103424 ----a-w- c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-08-08 18:58 . 2009-08-08 18:58 -------- d-sh--w- C:\found.000
2009-08-08 18:47 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-08 18:47 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-08 18:47 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-08 18:47 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-08 17:38 . 2009-08-08 17:38 -------- d-----w- c:\users\Brandon\LB
2009-08-07 20:42 . 2009-08-07 20:42 -------- d-----w- c:\program files\Trend Micro
2009-08-07 20:40 . 2009-08-07 20:40 812344 ----a-w- c:\users\Brandon\HJTInstal.exe
2009-08-07 17:41 . 2009-08-07 17:42 -------- d-----w- c:\program files\ATtest
2009-08-07 17:41 . 2009-08-07 17:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-02 21:47 . 2009-08-02 21:47 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
2009-08-02 21:27 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 21:27 . 2009-08-02 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 21:27 . 2009-08-02 21:27 -------- d-----w- c:\programdata\Malwarebytes
2009-08-02 21:27 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 13:48 . 2009-07-29 13:48 -------- d-----w- c:\users\Brandon\AppData\Local\SupportSoft
2009-07-24 04:07 . 2009-07-24 04:07 -------- d-----w- c:\users\Brandon\AppData\Roaming\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 18:52 . 2009-01-02 22:22 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-11 18:52 . 2009-01-02 22:22 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-11 17:26 . 2008-12-24 21:01 -------- d-----w- c:\users\Brandon\AppData\Roaming\uTorrent
2009-08-09 17:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-09 15:30 . 2008-12-25 22:15 -------- d-----w- c:\programdata\Microsoft Help
2009-08-09 04:41 . 2009-01-02 22:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-07 20:37 . 2008-12-28 16:41 6648 ----a-w- c:\users\Brandon\AppData\Local\d3d9caps.dat
2009-07-22 17:03 . 2009-01-08 18:36 -------- d-----w- c:\programdata\FLEXnet
2009-07-18 16:06 . 2009-08-08 18:45 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-08 18:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-08 18:45 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-12 16:37 . 2008-12-16 23:45 -------- d-----w- c:\programdata\McAfee
2009-07-12 16:29 . 2008-12-16 23:45 -------- d-----w- c:\program files\McAfee
2009-07-05 20:32 . 2009-05-10 00:16 -------- d-----w- c:\program files\NavNet
2009-07-05 20:28 . 2009-03-08 02:32 -------- d-----w- c:\program files\Common Files\AOL
2009-07-05 20:27 . 2009-05-05 23:17 -------- d-----w- c:\program files\PhotoFucket
2009-06-27 20:19 . 2008-12-16 23:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 16:41 . 2008-12-16 23:53 -------- d-----w- c:\programdata\CyberLink
2009-06-24 16:39 . 2009-06-24 16:39 -------- d-----w- c:\users\Brandon\AppData\Roaming\CyberLink
2009-06-24 16:38 . 2009-06-24 16:38 -------- d-----w- c:\program files\Common Files\CyberLink
2009-06-24 16:35 . 2008-12-16 23:53 -------- d-----w- c:\program files\CyberLink
2009-06-24 16:34 . 2009-06-24 16:35 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-24 16:34 . 2008-12-16 23:53 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-24 16:34 . 2008-12-16 23:53 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-24 16:28 . 2009-06-24 16:29 53319 ----a-w- c:\programdata\TEMP\{307BD415-B3E6-4E60-962A-FEF793237322}\PostBuild.exe
2009-06-24 01:24 . 2009-01-08 18:26 -------- d-----w- c:\programdata\Rosetta Stone
2009-06-24 01:19 . 2009-06-24 01:19 -------- d-----w- c:\program files\Rosetta Stone
2009-06-23 22:17 . 2009-06-23 21:43 -------- d-----w- c:\program files\iTunes
2009-06-23 21:43 . 2009-06-23 21:43 -------- d-----w- c:\program files\iPod
2009-06-23 21:43 . 2008-12-24 21:20 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 21:41 . 2009-06-23 21:40 -------- d-----w- c:\program files\QuickTime
2009-06-23 21:31 . 2009-06-23 21:31 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 17:27 . 2008-12-25 19:12 -------- d-----w- c:\programdata\dl_Cats
2009-06-21 16:54 . 2008-12-24 19:06 104192 ----a-w- c:\users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 16:53 . 2009-06-21 16:54 162132 ----a-w- c:\windows\Fonts\Verdimka-Italic.ttf
2009-06-21 16:53 . 2009-06-21 16:54 159632 ----a-w- c:\windows\Fonts\Verdimka-Bold-Italic.ttf
2009-06-21 16:53 . 2009-06-21 16:54 147860 ----a-w- c:\windows\Fonts\Verdimka.ttf
2009-06-21 16:53 . 2009-06-21 16:54 143620 ----a-w- c:\windows\Fonts\Verdimka-bold.ttf
2009-06-20 18:35 . 2009-06-20 17:47 -------- d-----w- c:\program files\The KMPlayer
2009-06-20 16:56 . 2009-06-20 16:56 -------- d-----w- c:\program files\Lame for Audacity
2009-06-18 05:02 . 2009-06-18 05:02 -------- d-----w- c:\program files\Xvid
2009-06-13 01:09 . 2009-06-23 22:17 4250852 ----a-w- c:\windows\Fonts\iTunes Bold.ttf
2009-06-13 01:09 . 2009-06-23 22:17 3987680 ----a-w- c:\windows\Fonts\iTunes.ttf
2009-06-07 20:24 . 2009-06-08 22:28 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-07 20:16 . 2009-06-08 22:28 819200 ----a-w- c:\windows\system32\xvidcore.dll
2008-12-16 23:45 . 2008-12-24 20:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-16 23:52 . 2008-12-16 23:52 76 --sh--r- c:\windows\CT4CET.bin
2008-12-17 00:51 . 2008-12-17 00:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-08_19.47.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 19:27 . 2008-06-20 01:13 25616 c:\windows\winsxs\x86_wpf-xamlviewer_31bf3856ad364e35_6.0.6001.22208_none_569fed8296034a38\XamlViewer_v0300.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 25616 c:\windows\winsxs\x86_wpf-xamlviewer_31bf3856ad364e35_6.0.6001.18096_none_55b2fef17d307612\XamlViewer_v0300.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 25616 c:\windows\winsxs\x86_wpf-xamlviewer_31bf3856ad364e35_6.0.6000.20864_none_5474ce2c9910fb91\XamlViewer_v0300.exe
+ 2009-08-10 19:27 . 2008-06-20 01:18 25616 c:\windows\winsxs\x86_wpf-xamlviewer_31bf3856ad364e35_6.0.6000.16708_none_543012117fbf197d\XamlViewer_v0300.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 94208 c:\windows\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6001.22208_none_faadb06494e67934\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 94208 c:\windows\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6001.18096_none_f9c0c1d37c13a50e\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 94208 c:\windows\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6000.20864_none_f882910e97f42a8d\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 94208 c:\windows\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6000.16708_none_f83dd4f37ea24879\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 98304 c:\windows\winsxs\x86_wpf-uiautomationtypes_31bf3856ad364e35_6.0.6001.22208_none_5da3c26eb406f41a\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 98304 c:\windows\winsxs\x86_wpf-uiautomationtypes_31bf3856ad364e35_6.0.6001.18096_none_5cb6d3dd9b341ff4\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 98304 c:\windows\winsxs\x86_wpf-uiautomationtypes_31bf3856ad364e35_6.0.6000.20864_none_5b78a318b714a573\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 98304 c:\windows\winsxs\x86_wpf-uiautomationtypes_31bf3856ad364e35_6.0.6000.16708_none_5b33e6fd9dc2c35f\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 40960 c:\windows\winsxs\x86_wpf-uiautomationprovider_31bf3856ad364e35_6.0.6001.22208_none_052e7256a4084ac0\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 40960 c:\windows\winsxs\x86_wpf-uiautomationprovider_31bf3856ad364e35_6.0.6001.18096_none_044183c58b35769a\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 40960 c:\windows\winsxs\x86_wpf-uiautomationprovider_31bf3856ad364e35_6.0.6000.20864_none_03035300a715fc19\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 40960 c:\windows\winsxs\x86_wpf-uiautomationprovider_31bf3856ad364e35_6.0.6000.16708_none_02be96e58dc41a05\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 43544 c:\windows\winsxs\x86_wpf-presentationhostproxy_31bf3856ad364e35_6.0.6001.22208_none_2b1cb7ad92e58514\PresentationHostProxy.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 43544 c:\windows\winsxs\x86_wpf-presentationhostproxy_31bf3856ad364e35_6.0.6001.18096_none_2a2fc91c7a12b0ee\PresentationHostProxy.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 43544 c:\windows\winsxs\x86_wpf-presentationhostproxy_31bf3856ad364e35_6.0.6000.20864_none_28f1985795f3366d\PresentationHostProxy.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 43544 c:\windows\winsxs\x86_wpf-presentationhostproxy_31bf3856ad364e35_6.0.6000.16708_none_28acdc3c7ca15459\PresentationHostProxy.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 46104 c:\windows\winsxs\x86_wpf-presentationfontcache_31bf3856ad364e35_6.0.6001.22208_none_062b37d02b447963\PresentationFontCache.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 46104 c:\windows\winsxs\x86_wpf-presentationfontcache_31bf3856ad364e35_6.0.6001.18096_none_053e493f1271a53d\PresentationFontCache.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 46104 c:\windows\winsxs\x86_wpf-presentationfontcache_31bf3856ad364e35_6.0.6000.20864_none_0400187a2e522abc\PresentationFontCache.exe
+ 2009-08-10 19:27 . 2008-06-20 01:18 46104 c:\windows\winsxs\x86_wpf-presentationfontcache_31bf3856ad364e35_6.0.6000.16708_none_03bb5c5f150048a8\PresentationFontCache.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 71160 c:\windows\winsxs\x86_wpf-penimc_31bf3856ad364e35_6.0.6001.22208_none_ac42b3e91dc43b92\PenIMC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 71160 c:\windows\winsxs\x86_wpf-penimc_31bf3856ad364e35_6.0.6001.18096_none_ab55c55804f1676c\PenIMC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 71160 c:\windows\winsxs\x86_wpf-penimc_31bf3856ad364e35_6.0.6000.20864_none_aa17949320d1eceb\PenIMC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 71160 c:\windows\winsxs\x86_wpf-penimc_31bf3856ad364e35_6.0.6000.16708_none_a9d2d87807800ad7\PenIMC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 20504 c:\windows\winsxs\x86_wcf-m_svc_mon_sup_dll_31bf3856ad364e35_6.0.6001.22208_none_a66fa64e64b4d286\ServiceMonikerSupport.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 20504 c:\windows\winsxs\x86_wcf-m_svc_mon_sup_dll_31bf3856ad364e35_6.0.6001.18096_none_a582b7bd4be1fe60\ServiceMonikerSupport.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 20504 c:\windows\winsxs\x86_wcf-m_svc_mon_sup_dll_31bf3856ad364e35_6.0.6000.20864_none_a44486f867c283df\ServiceMonikerSupport.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 20504 c:\windows\winsxs\x86_wcf-m_svc_mon_sup_dll_31bf3856ad364e35_6.0.6000.16708_none_a3ffcadd4e70a1cb\ServiceMonikerSupport.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 11288 c:\windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6001.22208_none_c98de65862db0acf\ServiceModelInstallRC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 11288 c:\windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6001.18096_none_c8a0f7c74a0836a9\ServiceModelInstallRC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 11288 c:\windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6000.20864_none_c762c70265e8bc28\ServiceModelInstallRC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 11288 c:\windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6000.16708_none_c71e0ae74c96da14\ServiceModelInstallRC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 11280 c:\windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.22208_none_78fbd1e5b178083c\ServiceModelEvents.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 11280 c:\windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.18096_none_780ee35498a53416\ServiceModelEvents.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 11280 c:\windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.20864_none_76d0b28fb485b995\ServiceModelEvents.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 11280 c:\windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.16708_none_768bf6749b33d781\ServiceModelEvents.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 97800 c:\windows\winsxs\x86_wcf-infocard_api_dll_31bf3856ad364e35_6.0.6001.22208_none_a4789bc9c8b69e2b\infocardapi.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 97800 c:\windows\winsxs\x86_wcf-infocard_api_dll_31bf3856ad364e35_6.0.6001.18096_none_a38bad38afe3ca05\infocardapi.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 97800 c:\windows\winsxs\x86_wcf-infocard_api_dll_31bf3856ad364e35_6.0.6000.20864_none_a24d7c73cbc44f84\infocardapi.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 97800 c:\windows\winsxs\x86_wcf-infocard_api_dll_31bf3856ad364e35_6.0.6000.16708_none_a208c058b2726d70\infocardapi.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 11264 c:\windows\winsxs\x86_wcf-icardres_dll_vista_31bf3856ad364e35_6.0.6001.22208_none_119eed0383ee8cd5\icardres.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 11264 c:\windows\winsxs\x86_wcf-icardres_dll_vista_31bf3856ad364e35_6.0.6001.18096_none_10b1fe726b1bb8af\icardres.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 11264 c:\windows\winsxs\x86_wcf-icardres_dll_vista_31bf3856ad364e35_6.0.6000.20864_none_0f73cdad86fc3e2e\icardres.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 11264 c:\windows\winsxs\x86_wcf-icardres_dll_vista_31bf3856ad364e35_6.0.6000.16708_none_0f2f11926daa5c1a\icardres.dll
+ 2009-08-09 15:24 . 2009-08-09 15:24 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea
1\ATL80.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21089_none_2a4b88e181591ecb\iebrshim.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16890_none_29ae416e684b83a1\iebrshim.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\iesetup.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\iernonce.dll
+ 2009-08-08 18:46 . 2009-07-18 10:02 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\ie4uinit.exe
+ 2009-08-08 18:45 . 2009-07-18 12:10 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\iesetup.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\iernonce.dll
+ 2009-08-08 18:46 . 2009-07-18 10:00 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\ie4uinit.exe
+ 2009-08-08 18:45 . 2009-07-18 09:52 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\ieUnatt.exe
+ 2009-08-08 18:45 . 2009-07-18 09:46 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\ieUnatt.exe
+ 2009-08-08 18:45 . 2009-07-18 10:02 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\ieUnatt.exe
+ 2009-08-08 18:45 . 2009-07-18 10:00 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\ieUnatt.exe
+ 2009-08-08 18:45 . 2009-07-18 12:09 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21089_none_58f13cb3806e0725\icardie.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16890_none_5853f54067606bfb\icardie.dll
+ 2009-08-08 18:45 . 2009-07-18 09:51 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22475_none_f3b07afbd37875ca\mshtmler.dll
+ 2009-08-08 18:45 . 2009-07-18 11:52 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22475_none_f3b07afbd37875ca\ieencode.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18294_none_f3103c28ba6bf764\ieencode.dll
+ 2009-08-08 18:45 . 2009-07-18 08:42 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21089_none_f1c343cdd6569c41\mshtmler.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21089_none_f1c343cdd6569c41\ieencode.dll
+ 2009-08-08 18:45 . 2009-07-18 08:34 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16890_none_f125fc5abd490117\mshtmler.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16890_none_f125fc5abd490117\ieencode.dll
+ 2009-08-08 18:45 . 2009-07-18 11:50 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\admparse.dll
+ 2009-08-08 18:45 . 2009-07-18 12:06 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\admparse.dll
+ 2009-08-08 18:45 . 2009-07-18 12:07 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\admparse.dll
+ 2009-08-08 18:45 . 2009-07-18 09:36 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\WininetPlugin.dll
+ 2009-08-08 18:45 . 2009-07-18 11:45 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\jsproxy.dll
+ 2009-08-08 18:45 . 2009-07-18 11:56 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\WininetPlugin.dll
+ 2009-08-08 18:45 . 2009-07-18 11:53 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\jsproxy.dll
+ 2009-08-08 18:45 . 2009-07-18 16:02 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\jsproxy.dll
+ 2009-08-08 18:45 . 2009-07-18 12:16 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\WininetPlugin.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\jsproxy.dll
+ 2009-08-08 18:45 . 2009-07-18 12:17 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\WininetPlugin.dll
+ 2009-08-08 18:45 . 2009-07-18 12:11 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\jsproxy.dll
+ 2009-08-08 18:45 . 2009-07-18 12:15 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21089_none_ec1c2c762f9973ef\pngfilt.dll
+ 2009-08-08 18:45 . 2009-07-18 12:15 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16890_none_eb7ee503168bd8c5\pngfilt.dll
+ 2009-08-08 18:47 . 2009-06-15 14:58 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\lpk.dll
+ 2009-08-08 18:47 . 2009-06-15 14:58 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\fontsub.dll
+ 2009-08-08 18:47 . 2009-06-15 14:58 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\dciman32.dll
+ 2009-08-08 18:47 . 2009-06-15 12:45 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmlib.dll
+ 2009-08-08 18:47 . 2009-06-15 14:52 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\lpk.dll
+ 2009-08-08 18:47 . 2009-06-15 14:52 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\fontsub.dll
+ 2009-08-08 18:47 . 2009-06-15 14:51 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\dciman32.dll
+ 2009-08-08 18:47 . 2009-04-11 06:28 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmlib.dll
+ 2009-08-08 18:47 . 2009-06-15 15:22 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\lpk.dll
+ 2009-08-08 18:47 . 2009-06-15 15:20 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\fontsub.dll
+ 2009-08-08 18:47 . 2009-06-15 15:19 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\dciman32.dll
+ 2009-08-08 18:47 . 2009-06-15 15:19 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmlib.dll
+ 2009-08-08 18:47 . 2009-06-15 15:20 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\fontsub.dll
+ 2009-08-08 18:47 . 2009-06-15 15:20 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\dciman32.dll
+ 2009-08-08 18:47 . 2009-06-15 15:04 24064 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\lpk.dll
+ 2009-08-08 18:47 . 2009-06-15 15:03 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\fontsub.dll
+ 2009-08-08 18:47 . 2009-06-15 15:02 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\dciman32.dll
+ 2009-08-08 18:47 . 2009-06-15 15:02 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmlib.dll
+ 2009-08-08 18:47 . 2009-06-15 15:23 24064 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\lpk.dll
+ 2009-08-08 18:47 . 2009-06-15 15:22 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\fontsub.dll
+ 2009-08-08 18:47 . 2009-06-15 15:21 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\dciman32.dll
+ 2009-08-08 18:47 . 2009-06-15 15:20 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmlib.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 94208 c:\windows\winsxs\msil_windowsformsintegration_31bf3856ad364e35_6.0.6001.22208_none_29708fade
773504f\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 94208 c:\windows\winsxs\msil_windowsformsintegration_31bf3856ad364e35_6.0.6001.18096_none_2883a11cc
ea07c29\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 94208 c:\windows\winsxs\msil_windowsformsintegration_31bf3856ad364e35_6.0.6000.20864_none_27457057e
a8101a8\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 94208 c:\windows\winsxs\msil_windowsformsintegration_31bf3856ad364e35_6.0.6000.16708_none_2700b43cd
12f1f94\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 98304 c:\windows\winsxs\msil_uiautomationtypes_31bf3856ad364e35_6.0.6001.22208_none_b92178d62b667b9
d\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 98304 c:\windows\winsxs\msil_uiautomationtypes_31bf3856ad364e35_6.0.6001.18096_none_b8348a451293a77
7\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 98304 c:\windows\winsxs\msil_uiautomationtypes_31bf3856ad364e35_6.0.6000.20864_none_b6f659802e742cf
6\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 98304 c:\windows\winsxs\msil_uiautomationtypes_31bf3856ad364e35_6.0.6000.16708_none_b6b19d6515224ae
2\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 40960 c:\windows\winsxs\msil_uiautomationprovider_31bf3856ad364e35_6.0.6001.22208_none_72ded6bb9335
d151\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 40960 c:\windows\winsxs\msil_uiautomationprovider_31bf3856ad364e35_6.0.6001.18096_none_71f1e82a7a62
fd2b\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 40960 c:\windows\winsxs\msil_uiautomationprovider_31bf3856ad364e35_6.0.6000.20864_none_70b3b7659643
82aa\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 40960 c:\windows\winsxs\msil_uiautomationprovider_31bf3856ad364e35_6.0.6000.16708_none_706efb4a7cf1
a096\UIAutomationProvider.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 32768 c:\windows\winsxs\msil_system.servicemodel.washosting_b77a5c561934e089_6.0.6001.22208_none_a7
40b5acfb06d4be\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 32768 c:\windows\winsxs\msil_system.servicemodel.washosting_b77a5c561934e089_6.0.6001.18096_none_be
178cbae1572534\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 32768 c:\windows\winsxs\msil_system.servicemodel.washosting_b77a5c561934e089_6.0.6000.20864_none_a7
6b16c0faaff9ed\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 32768 c:\windows\winsxs\msil_system.servicemodel.washosting_b77a5c561934e089_6.0.6000.16708_none_be
3260a4e10e6861\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 73728 c:\windows\winsxs\msil_system.servicemodel.install_b77a5c561934e089_6.0.6001.22208_none_54d3d
7ac5086521a\System.ServiceModel.Install.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 73728 c:\windows\winsxs\msil_system.servicemodel.install_b77a5c561934e089_6.0.6001.18096_none_6baaa
eba36d6a290\System.ServiceModel.Install.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 73728 c:\windows\winsxs\msil_system.servicemodel.install_b77a5c561934e089_6.0.6000.20864_none_54fe3
8c0502f7749\System.ServiceModel.Install.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 73728 c:\windows\winsxs\msil_system.servicemodel.install_b77a5c561934e089_6.0.6000.16708_none_6bc58
2a4368de5bd\System.ServiceModel.Install.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 46104 c:\windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.0.6001.22208_none_0e5c71cec94
acd32\PresentationFontCache.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 46104 c:\windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.0.6001.18096_none_0d6f833db07
7f90c\PresentationFontCache.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 46104 c:\windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.0.6000.20864_none_0c315278cc5
87e8b\PresentationFontCache.exe
+ 2009-08-10 19:27 . 2008-06-20 01:18 46104 c:\windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.0.6000.16708_none_0bec965db30
69c77\PresentationFontCache.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 32768 c:\windows\winsxs\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6001.22208_none_41ad362
3304942fd\PresentationCFFRasterizer.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 32768 c:\windows\winsxs\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6001.18096_none_40c0479
217766ed7\PresentationCFFRasterizer.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 32768 c:\windows\winsxs\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6000.20864_none_3f8216c
d3356f456\PresentationCFFRasterizer.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 32768 c:\windows\winsxs\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6000.16708_none_3f3d5ab
21a051242\PresentationCFFRasterizer.dll
+ 2008-01-21 01:58 . 2009-08-09 20:45 52146 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-11 15:43 92168 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-24 19:07 . 2009-08-11 15:43 11162 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2873835703-867658926-3654523082-1000_UserData.bin
+ 2009-08-08 18:45 . 2009-07-18 16:02 28160 c:\windows\System32\jsproxy.dll
- 2009-06-10 22:48 . 2009-04-24 16:02 28160 c:\windows\System32\jsproxy.dll
- 2008-12-24 19:03 . 2009-08-08 19:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-24 19:03 . 2009-08-11 23:59 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-24 19:03 . 2009-08-08 19:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 19:03 . 2009-08-11 23:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 19:03 . 2009-08-11 23:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-24 19:03 . 2009-08-08 19:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 25616 c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 11288 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-12-25 22:21 . 2009-08-09 15:30 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 01:09 . 2006-10-27 01:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBTRAP.DLL

ComboFix Pt. 2

+ 2009-08-10 19:35 . 2009-08-10 19:35 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b07a3428544255944bc199e4e3d2e6d3\UIAutomationProvider.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\05fc89ad1590cc672c5a47bbef2e7b2f\System.Windows.Presentation.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2009-08-10 19:35 . 2009-08-10 19:35 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\30b970ab3de237247d0cd7f3dc328fed\PresentationFontCache.ni.exe
+ 2009-08-10 19:35 . 2009-08-10 19:35 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\22ccba9e26cba4b1dadd92f68173dc31\PresentationCFFRasterizer.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
- 2008-01-21 02:25 . 2008-01-21 02:25 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-12-26 06:46 . 2009-07-06 05:34 2992 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-26 06:46 . 2009-08-11 05:48 2992 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-08-11 15:41 . 2009-08-11 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-11 15:41 . 2009-08-11 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-08 19:46 . 2009-08-08 19:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 540672 c:\windows\winsxs\x86_wwf-system.workflow.runtime_31bf3856ad364e35_6.0.6001.22208_none_65ac7e9ab91d6187\System.Workflow.Runtime.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 540672 c:\windows\winsxs\x86_wwf-system.workflow.runtime_31bf3856ad364e35_6.0.6001.18096_none_64bf9009a04a8d61\System.Workflow.Runtime.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 540672 c:\windows\winsxs\x86_wwf-system.workflow.runtime_31bf3856ad364e35_6.0.6000.20864_none_63815f44bc2b12e0\System.Workflow.Runtime.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 540672 c:\windows\winsxs\x86_wwf-system.workflow.runtime_31bf3856ad364e35_6.0.6000.16708_none_633ca329a2d930cc\System.Workflow.Runtime.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 301568 c:\windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6001.22208_none_c9c50d8221a5a7d5\XPSViewer.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 301568 c:\windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6001.18096_none_c8d81ef108d2d3af\XPSViewer.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 301568 c:\windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6000.20864_none_c799ee2c24b3592e\XPSViewer.exe
+ 2009-08-10 19:27 . 2008-06-20 01:18 301568 c:\windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6000.16708_none_c75532110b61771a\XPSViewer.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 385024 c:\windows\winsxs\x86_wpf-uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.22208_none_554db166677
cc421\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 385024 c:\windows\winsxs\x86_wpf-uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.18096_none_5460c2d54ea
9effb\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 385024 c:\windows\winsxs\x86_wpf-uiautomationclientsideproviders_31bf3856ad364e35_6.0.6000.20864_none_532292106a8
a757a\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 385024 c:\windows\winsxs\x86_wpf-uiautomationclientsideproviders_31bf3856ad364e35_6.0.6000.16708_none_52ddd5f5513
89366\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 167936 c:\windows\winsxs\x86_wpf-uiautomationclient_31bf3856ad364e35_6.0.6001.22208_none_db0a99315a5ed6b2\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 167936 c:\windows\winsxs\x86_wpf-uiautomationclient_31bf3856ad364e35_6.0.6001.18096_none_da1daaa0418c028c\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 167936 c:\windows\winsxs\x86_wpf-uiautomationclient_31bf3856ad364e35_6.0.6000.20864_none_d8df79db5d6c880b\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 167936 c:\windows\winsxs\x86_wpf-uiautomationclient_31bf3856ad364e35_6.0.6000.16708_none_d89abdc0441aa5f7\UIAutomationClient.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\System.Speech.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\System.Speech.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\System.Speech.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\System.Speech.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 528384 c:\windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6001.22208_none_00bbcc3141cfe80d\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 528384 c:\windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6001.18096_none_ffcedda028fd13e7\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 528384 c:\windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6000.20864_none_fe90acdb44dd9966\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 528384 c:\windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6000.16708_none_fe4bf0c02b8bb752\ReachFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 781344 c:\windows\winsxs\x86_wpf-presentationnative_31bf3856ad364e35_6.0.6001.22208_none_5757acdb5f96b091\PresentationNative_v0300.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 781344 c:\windows\winsxs\x86_wpf-presentationnative_31bf3856ad364e35_6.0.6001.18096_none_566abe4a46c3dc6b\PresentationNative_v0300.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 781344 c:\windows\winsxs\x86_wpf-presentationnative_31bf3856ad364e35_6.0.6000.20864_none_552c8d8562a461ea\PresentationNative_v0300.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 781344 c:\windows\winsxs\x86_wpf-presentationnative_31bf3856ad364e35_6.0.6000.16708_none_54e7d16a49527fd6\PresentationNative_v0300.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 326160 c:\windows\winsxs\x86_wpf-presentationhostexe_31bf3856ad364e35_6.0.6001.22208_none_7085d452393445e2\PresentationHost.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 326160 c:\windows\winsxs\x86_wpf-presentationhostexe_31bf3856ad364e35_6.0.6001.18096_none_6f98e5c1206171bc\PresentationHost.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 326160 c:\windows\winsxs\x86_wpf-presentationhostexe_31bf3856ad364e35_6.0.6000.20864_none_6e5ab4fc3c41f73b\PresentationHost.exe
+ 2009-08-10 19:27 . 2008-06-20 01:18 326160 c:\windows\winsxs\x86_wpf-presentationhostexe_31bf3856ad364e35_6.0.6000.16708_none_6e15f8e122f01527\PresentationHost.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 132120 c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6001.22208_none_709d0e3a3915a370\PresentationHostDLL.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 132120 c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6001.18096_none_6fb01fa92042cf4a\PresentationHostDLL.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 132120 c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6000.20864_none_6e71eee43c2354c9\PresentationHostDLL.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 132120 c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6000.16708_none_6e2d32c922d172b5\PresentationHostDLL.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 163840 c:\windows\winsxs\x86_wpf-presentationframework.royale_31bf3856ad364e35_6.0.6001.22208_none_eb46d1fac358e6
98\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\winsxs\x86_wpf-presentationframework.royale_31bf3856ad364e35_6.0.6001.18096_none_ea59e369aa8612
72\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 163840 c:\windows\winsxs\x86_wpf-presentationframework.royale_31bf3856ad364e35_6.0.6000.20864_none_e91bb2a4c66697
f1\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 163840 c:\windows\winsxs\x86_wpf-presentationframework.royale_31bf3856ad364e35_6.0.6000.16708_none_e8d6f689ad14b5
dd\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 397312 c:\windows\winsxs\x86_wpf-presentationframework.luna_31bf3856ad364e35_6.0.6001.22208_none_31f039762251cd08\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 397312 c:\windows\winsxs\x86_wpf-presentationframework.luna_31bf3856ad364e35_6.0.6001.18096_none_31034ae5097ef8e2\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 397312 c:\windows\winsxs\x86_wpf-presentationframework.luna_31bf3856ad364e35_6.0.6000.20864_none_2fc51a20255f7e61\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 397312 c:\windows\winsxs\x86_wpf-presentationframework.luna_31bf3856ad364e35_6.0.6000.16708_none_2f805e050c0d9c4d\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 139264 c:\windows\winsxs\x86_wpf-presentationframework.classic_31bf3856ad364e35_6.0.6001.22208_none_f4fae63b42dc1
362\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 139264 c:\windows\winsxs\x86_wpf-presentationframework.classic_31bf3856ad364e35_6.0.6001.18096_none_f40df7aa2a093
f3c\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 139264 c:\windows\winsxs\x86_wpf-presentationframework.classic_31bf3856ad364e35_6.0.6000.20864_none_f2cfc6e545e9c
4bb\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 139264 c:\windows\winsxs\x86_wpf-presentationframework.classic_31bf3856ad364e35_6.0.6000.16708_none_f28b0aca2c97e
2a7\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 196608 c:\windows\winsxs\x86_wpf-presentationframework.aero_31bf3856ad364e35_6.0.6001.22208_none_3315609821a7b585\PresentationFramework.Aero.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 196608 c:\windows\winsxs\x86_wpf-presentationframework.aero_31bf3856ad364e35_6.0.6001.18096_none_3228720708d4e15f\PresentationFramework.Aero.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 196608 c:\windows\winsxs\x86_wpf-presentationframework.aero_31bf3856ad364e35_6.0.6000.20864_none_30ea414224b566de\PresentationFramework.Aero.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 196608 c:\windows\winsxs\x86_wpf-presentationframework.aero_31bf3856ad364e35_6.0.6000.16708_none_30a585270b6384ca\PresentationFramework.Aero.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 105016 c:\windows\winsxs\x86_wpf-presentationcffrasterizernative_31bf3856ad364e35_6.0.6001.22208_none_ca27001ca76
8d8df\PresentationCFFRasterizerNative_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 105016 c:\windows\winsxs\x86_wpf-presentationcffrasterizernative_31bf3856ad364e35_6.0.6001.18096_none_c93a118b8e9
604b9\PresentationCFFRasterizerNative_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 105016 c:\windows\winsxs\x86_wpf-presentationcffrasterizernative_31bf3856ad364e35_6.0.6000.20864_none_c7fbe0c6aa7
68a38\PresentationCFFRasterizerNative_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 105016 c:\windows\winsxs\x86_wpf-presentationcffrasterizernative_31bf3856ad364e35_6.0.6000.16708_none_c7b724ab912
4a824\PresentationCFFRasterizerNative_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 598016 c:\windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_509edfdf6691efea\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 598016 c:\windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_4fb1f14e4dbf1bc4\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 598016 c:\windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_4e73c089699fa143\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 598016 c:\windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_4e2f046e504dbf2f\PresentationBuildTasks.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 966656 c:\windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6001.22208_none_f0724a733a5cf5
93\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6001.18096_none_0749218120ad46
09\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 966656 c:\windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6000.20864_none_f09cab873a061a
c2\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 966656 c:\windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6000.16708_none_0763f56b206489
36\System.Runtime.Serialization.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 131072 c:\windows\winsxs\x86_wcf-system.io.log_b03f5f7f11d50a3a_6.0.6001.22208_none_c39f387ed4c63b41\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 131072 c:\windows\winsxs\x86_wcf-system.io.log_b03f5f7f11d50a3a_6.0.6001.18096_none_da760f8cbb168bb7\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 131072 c:\windows\winsxs\x86_wcf-system.io.log_b03f5f7f11d50a3a_6.0.6000.20864_none_c3c99992d46f6070\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 131072 c:\windows\winsxs\x86_wcf-system.io.log_b03f5f7f11d50a3a_6.0.6000.16708_none_da90e376bacdcee4\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 430080 c:\windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_6.0.6001.22208_none_0eda032a5a266f2c\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 430080 c:\windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_6.0.6001.18096_none_25b0da384076bfa2\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 430080 c:\windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_6.0.6000.20864_none_0f04643e59cf945b\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 430080 c:\windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_6.0.6000.16708_none_25cbae22402e02cf\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 126976 c:\windows\winsxs\x86_wcf-system.identitymodel.selectors_b03f5f7f11d50a3a_6.0.6001.22208_none_4ca2f28d4aba
1c9a\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 126976 c:\windows\winsxs\x86_wcf-system.identitymodel.selectors_b03f5f7f11d50a3a_6.0.6001.18096_none_6379c99b310a
6d10\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 126976 c:\windows\winsxs\x86_wcf-system.identitymodel.selectors_b03f5f7f11d50a3a_6.0.6000.20864_none_4ccd53a14a63
41c9\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 126976 c:\windows\winsxs\x86_wcf-system.identitymodel.selectors_b03f5f7f11d50a3a_6.0.6000.16708_none_63949d8530c1
b03d\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 181264 c:\windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.0.6001.22208_none_00b2fd11363c5214\SMConfigInstaller.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 181264 c:\windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.0.6001.18096_none_ffc60e801d697dee\SMConfigInstaller.exe
+ 2009-08-10 19:28 . 2008-06-20 01:12 181264 c:\windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.0.6000.20864_none_fe87ddbb394a036d\SMConfigInstaller.exe
+ 2009-08-10 19:28 . 2008-06-20 01:17 181264 c:\windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.0.6000.16708_none_fe4321a01ff82159\SMConfigInstaller.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 622080 c:\windows\winsxs\x86_wcf-icardagt_exe_31bf3856ad364e35_6.0.6001.22208_none_32694bc98abe06ed\icardagt.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 622080 c:\windows\winsxs\x86_wcf-icardagt_exe_31bf3856ad364e35_6.0.6001.18096_none_317c5d3871eb32c7\icardagt.exe
+ 2009-08-10 19:28 . 2008-06-20 01:12 622080 c:\windows\winsxs\x86_wcf-icardagt_exe_31bf3856ad364e35_6.0.6000.20864_none_303e2c738dcbb846\icardagt.exe
+ 2009-08-10 19:28 . 2008-06-20 01:17 622080 c:\windows\winsxs\x86_wcf-icardagt_exe_31bf3856ad364e35_6.0.6000.16708_none_2ff970587479d632\icardagt.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 368640 c:\windows\winsxs\x86_system.printing_31bf3856ad364e35_6.0.6001.22208_none_73d203be8f32b550\System.Printing.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 368640 c:\windows\winsxs\x86_system.printing_31bf3856ad364e35_6.0.6001.18096_none_72e5152d765fe12a\System.Printing.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 368640 c:\windows\winsxs\x86_system.printing_31bf3856ad364e35_6.0.6000.20864_none_71a6e468924066a9\System.Printing.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 368640 c:\windows\winsxs\x86_system.printing_31bf3856ad364e35_6.0.6000.16708_none_7162284d78ee8495\System.Printing.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 163840 c:\windows\winsxs\x86_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.0.6001.22208_none_
d8566749ac903376\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\winsxs\x86_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.0.6001.18096_none_
ef2d3e5792e083ec\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 163840 c:\windows\winsxs\x86_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.0.6000.20864_none_
d880c85dac3958a5\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 163840 c:\windows\winsxs\x86_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.0.6000.16708_none_
ef4812419297c719\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-08-08 18:46 . 2009-07-18 10:02 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21089_none_0b99cb87f04d1d33\ieuser.exe
+ 2009-08-08 18:46 . 2009-07-18 10:01 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16890_none_0afc8414d73f8209\ieuser.exe
+ 2009-08-08 18:45 . 2009-07-18 10:02 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21089_none_e6f1966badd25d81\ieinstal.exe
+ 2009-08-08 18:45 . 2009-07-18 10:01 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16890_none_e6544ef894c4c257\ieinstal.exe
+ 2009-08-08 18:45 . 2009-07-18 09:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieui.dll
+ 2009-08-08 18:45 . 2009-07-18 09:20 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieui.dll
+ 2009-08-08 18:45 . 2009-07-18 11:52 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieui.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieui.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieui.dll
+ 2009-08-08 18:45 . 2009-07-18 11:56 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22475_none_47e69ed4a5d609cc\sqmapi.dll
+ 2009-08-08 18:45 . 2009-07-18 11:52 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22475_none_47e69ed4a5d609cc\iertutil.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\iertutil.dll
+ 2009-08-08 18:45 . 2009-07-18 12:15 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21089_none_45f967a6a8b43043\sqmapi.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21089_none_45f967a6a8b43043\iertutil.dll
+ 2009-08-08 18:45 . 2009-07-18 12:16 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16890_none_455c20338fa69519\sqmapi.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16890_none_455c20338fa69519\iertutil.dll
+ 2009-08-08 18:45 . 2009-07-18 11:55 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22475_none_37695ca72d74ef3a\occache.dll
+ 2009-08-08 18:45 . 2009-07-18 16:04 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18294_none_36c91dd4146870d4\occache.dll
+ 2009-08-08 18:45 . 2009-07-18 12:14 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21089_none_357c2579305315b1\occache.dll
+ 2009-08-08 18:45 . 2009-07-18 12:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16890_none_34dede0617457a87\occache.dll
+ 2009-08-08 18:45 . 2009-07-18 11:55 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
+ 2009-08-08 18:45 . 2009-07-18 21:39 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
+ 2009-08-08 18:45 . 2009-07-18 12:16 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
+ 2009-08-08 18:45 . 2009-07-18 12:16 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
+ 2009-08-08 18:46 . 2009-07-18 12:12 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21089_none_467ea6b45f94c4f4\mshtmled.dll
+ 2009-08-08 18:46 . 2009-07-18 12:13 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16890_none_45e15f41468729ca\mshtmled.dll
+ 2009-08-08 18:45 . 2009-07-18 11:54 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22475_none_60297ec753c83e27\msfeeds.dll
+ 2009-08-08 18:45 . 2009-07-18 16:02 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18294_none_5f893ff43abbbfc1\msfeeds.dll
+ 2009-08-08 18:45 . 2009-07-18 12:12 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21089_none_5e3c479956a6649e\msfeeds.dll
+ 2009-08-08 18:45 . 2009-07-18 12:13 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16890_none_5d9f00263d98c974\msfeeds.dll
+ 2009-08-08 18:46 . 2009-07-18 12:08 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtrans.dll
+ 2009-08-08 18:46 . 2009-07-18 12:08 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtmsft.dll
+ 2009-08-08 18:46 . 2009-07-18 12:09 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtrans.dll
+ 2009-08-08 18:46 . 2009-07-18 12:09 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtmsft.dll
+ 2009-08-08 18:46 . 2009-07-18 12:09 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dll
+ 2009-08-08 18:46 . 2009-07-18 12:10 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dll
+ 2009-08-08 18:45 . 2009-07-18 11:52 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieakui.dll
+ 2009-08-08 18:45 . 2009-07-18 11:52 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieaksie.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieaksie.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieakui.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieaksie.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieakui.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieaksie.dll
+ 2009-08-08 18:45 . 2009-07-18 11:52 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22475_none_749360f470cf0c36\iedkcs32.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18294_none_73f3222157c28dd0\iedkcs32.dll
+ 2009-08-08 18:45 . 2009-07-18 12:09 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21089_none_72a629c673ad32ad\iedkcs32.dll
+ 2009-08-08 18:45 . 2009-07-18 12:10 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16890_none_7208e2535a9f9783\iedkcs32.dll
+ 2009-08-08 18:45 . 2009-07-18 11:47 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\wininet.dll
+ 2009-08-08 18:45 . 2009-07-18 11:35 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\wininet.dll
+ 2009-08-08 18:45 . 2009-07-18 11:56 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\wininet.dll
+ 2009-08-08 18:45 . 2009-07-18 16:06 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\wininet.dll
+ 2009-08-08 18:45 . 2009-07-18 12:16 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\wininet.dll
+ 2009-08-08 18:45 . 2009-07-18 12:17 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\wininet.dll
+ 2009-08-08 18:45 . 2009-07-18 11:54 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22475_none_e1089b1f95c4844b\mstime.dll
+ 2009-08-08 18:45 . 2009-07-18 16:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18294_none_e0685c4c7cb805e5\mstime.dll
+ 2009-08-08 18:45 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21089_none_df1b63f198a2aac2\mstime.dll
+ 2009-08-08 18:45 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16890_none_de7e1c7e7f950f98\mstime.dll
+ 2009-08-08 18:47 . 2009-06-15 12:45 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmfd.dll
+ 2009-08-08 18:47 . 2009-06-15 12:42 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmfd.dll
+ 2009-08-08 18:47 . 2009-06-15 12:56 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmfd.dll
+ 2009-08-08 18:47 . 2009-06-15 12:52 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmfd.dll
+ 2009-08-08 18:47 . 2009-06-15 12:53 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmfd.dll
+ 2009-08-08 18:47 . 2009-06-15 13:03 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmfd.dll
+ 2009-08-08 18:47 . 2009-06-15 15:00 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9\t2embed.dll
+ 2009-08-08 18:47 . 2009-06-15 14:53 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8\t2embed.dll
+ 2009-08-08 18:47 . 2009-06-15 15:26 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7\t2embed.dll
+ 2009-08-08 18:47 . 2009-06-15 15:24 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896\t2embed.dll
+ 2009-08-08 18:47 . 2009-06-15 15:09 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73\t2embed.dll
+ 2009-08-08 18:47 . 2009-06-15 15:29 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7\t2embed.dll
+ 2009-08-08 18:45 . 2009-07-18 12:06 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21089_none_aa2122c70f008df0\advpack.dll
+ 2009-08-08 18:45 . 2009-07-18 12:07 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6\advpack.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6001.22208_none_b4bd0a2b32340979\infocard.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6001.18096_none_cb93e139188459ef\infocard.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.20864_none_b4e76b3f31dd2ea8\infocard.exe
+ 2009-08-10 19:27 . 2008-06-20 01:17 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.16708_none_cbaeb523183b9d1c\infocard.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6001.22208_none_f20f4d49d1297aed\WsatConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6001.18096_none_08e62457b779cb63\WsatConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:12 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6000.20864_none_f239ae5dd0d2a01c\WsatConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:17 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6000.16708_none_0900f841b7310e90\WsatConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.22208_none_b
77300279b2a623c\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.18096_none_b
686119682578e16\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6000.20864_none_b
547e0d19e381395\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6000.16708_none_b
50324b684e63181\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6001.22208_none_21b6b58fa15595
15\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6001.18096_none_20c9c6fe8882c0
ef\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6000.20864_none_1f8b9639a46346
6e\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6000.16708_none_1f46da1e8b1164
5a\UIAutomationClient.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.22208_none_d8b0c75ed
873478b\System.Workflow.Runtime.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.18096_none_d7c3d8cdb
fa07365\System.Workflow.Runtime.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6000.20864_none_d685a808d
b80f8e4\System.Workflow.Runtime.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6000.16708_none_d640ebedc
22f16d0\System.Workflow.Runtime.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.22208_none_0a7e4c40999e5e7e\System.Speech.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.18096_none_09915daf80cb8a58\System.Speech.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.20864_none_08532cea9cac0fd7\System.Speech.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.16708_none_080e70cf835a2dc3\System.Speech.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.22208_none_eb97
9ea5f9865b51\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.18096_none_026e
75b3dfd6abc7\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.20864_none_ebc1
ffb9f92f8080\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.16708_none_0289
499ddf8deef4\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6001.22208_none_
bb54690bd1df5a1e\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6001.18096_none_
d22b4019b82faa94\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6000.20864_none_
bb7eca1fd1887f4d\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6000.16708_none_
d2461403b7e6edc1\System.Runtime.Serialization.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6001.22208_none_6e2eb1c839eb7bff\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6001.18096_none_850588d6203bcc75\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6000.20864_none_6e5912dc3994a12e\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6000.16708_none_85205cc01ff30fa2\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6001.22208_none_068c11b05db6
bb6a\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6001.18096_none_1d62e8be4407
0be0\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6000.20864_none_06b672c45d5f
e099\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6000.16708_none_1d7dbca843be
4f0d\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6001.22208_none_95
20e1d88d457400\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6001.18096_none_ab
f7b8e67395c476\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6000.20864_none_95
4b42ec8cee992f\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6000.16708_none_ac
128cd0734d07a3\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6001.22208_none_fb8b69b06e19ee70\SMSvcHost.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6001.18096_none_126240be546a3ee6\SMSvcHost.exe
+ 2009-08-10 19:27 . 2008-06-20 01:12 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6000.20864_none_fbb5cac46dc3139f\SMSvcHost.exe
+ 2009-08-10 19:27 . 2008-06-20 01:17 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6000.16708_none_127d14a854218213\SMSvcHost.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6001.22208_none_87c3f6f4c9aa65b8\SMdiagnostics.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6001.18096_none_9e9ace02affab62e\SMdiagnostics.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6000.20864_none_87ee5808c9538ae7\SMdiagnostics.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6000.16708_none_9eb5a1ecafb1f95b\SMdiagnostics.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6001.22208_none_33fe5fa115ae9bd2\ServiceModelReg.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6001.18096_none_4ad536aefbfeec48\ServiceModelReg.exe
+ 2009-08-10 19:28 . 2008-06-20 01:12 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6000.20864_none_3428c0b51557c101\ServiceModelReg.exe
+ 2009-08-10 19:28 . 2008-06-20 01:17 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6000.16708_none_4af00a98fbb62f75\ServiceModelReg.exe
+ 2009-08-10 19:28 . 2008-06-20 01:13 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6001.22208_none_4240f8a51a971ffc\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6001.18096_none_41540a1401c44bd6\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6000.20864_none_4015d94f1da4d155\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6000.16708_none_3fd11d340452ef41\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6001.22208_none_ac3c35f9559e5ae3\PresentationUI.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6001.18096_none_ab4f47683ccb86bd\PresentationUI.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6000.20864_none_aa1116a358ac0c3c\PresentationUI.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6000.16708_none_a9cc5a883f5a2a28\PresentationUI.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6001.22208_none_9b3c
e050aa5ad929\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6001.18096_none_9a4f
f1bf91880503\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6000.20864_none_9911
c0faad688a82\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6000.16708_none_98cd
04df9416a86e\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6001.22208_none_18b48c
e1895a2e6b\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6001.18096_none_17c79e
5070875a45\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6000.20864_none_16896d
8b8c67dfc4\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6000.16708_none_1644b1
707315fdb0\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6001.22208_none_b0e
af6e9fda81431\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6001.18096_none_aff
e0858e4d5400b\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6000.20864_none_aeb
fd79400b5c58a\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6000.16708_none_ae7
b1b78e763e376\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6001.22208_none_19d9b4
0388b016e8\PresentationFramework.Aero.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6001.18096_none_18ecc5
726fdd42c2\PresentationFramework.Aero.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6000.20864_none_17ae94
ad8bbdc841\PresentationFramework.Aero.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6000.16708_none_1769d8
92726be62d\PresentationFramework.Aero.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_9cb21d8151
aec4d9\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_9bc52ef038
dbf0b3\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_9a86fe2b54
bc7632\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_9a4242103b
6a941e\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6001.22208_none_b11
4e4c017448d80\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6001.18096_none_c7e
bbbcdfd94ddf6\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6000.20864_none_b13
f45d416edb2af\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:28 . 2008-06-20 01:17 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6000.16708_none_c80
68fb7fd4c2123\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6001.22208_none_d4ba1a7aee429661\ComSvcConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6001.18096_none_eb90f188d492e6d7\ComSvcConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:12 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6000.20864_none_d4e47b8eedebbb90\ComSvcConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:17 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6000.16708_none_ebabc572d44a2a04\ComSvcConfig.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 301568 c:\windows\System32\XPSViewer\XPSViewer.exe
+ 2008-12-17 00:00 . 2009-08-11 23:24 423690 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-08-11 16:41 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-08 19:08 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-08 19:08 102194 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-11 16:41 102194 c:\windows\System32\perfc009.dat
+ 2009-08-08 18:45 . 2009-07-18 16:04 146432 c:\windows\System32\occache.dll
- 2009-06-10 22:48 . 2009-04-24 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-08-08 18:45 . 2009-07-18 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-08-08 18:45 . 2009-07-18 16:02 458240 c:\windows\System32\msfeeds.dll
- 2009-06-10 22:48 . 2009-04-24 16:03 458240 c:\windows\System32\msfeeds.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 270848 c:\windows\System32\iertutil.dll
- 2009-06-10 22:48 . 2009-04-24 16:02 270848 c:\windows\System32\iertutil.dll
- 2009-06-10 22:48 . 2009-04-24 16:02 389120 c:\windows\System32\iedkcs32.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 389120 c:\windows\System32\iedkcs32.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 230400 c:\windows\System32\ieaksie.dll
- 2009-06-10 22:48 . 2009-04-24 16:02 230400 c:\windows\System32\ieaksie.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 181264 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2009-08-09 15:24 . 2009-08-09 15:24 248832 c:\windows\Installer\56701.msi
+ 2009-08-10 19:33 . 2009-08-10 19:33 648192 c:\windows\Installer\142d044.msi
+ 2008-12-25 22:21 . 2009-08-09 15:30 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-08-11 01:21 . 2009-08-11 01:21 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8875e6d61ff95b1ab9801156ea795373\WsatConfig.ni.exe
+ 2009-08-11 05:12 . 2009-08-11 05:12 239616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\93e9637d1e5c69baa89c5a47dc44153f\WindowsFormsIntegration.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 284160 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\aa07a05aa56b83678a351cf2185b342e\VistaBridgeLibrary.ni.dll
+ 2009-08-10 19:35 . 2009-08-10 19:35 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\817d652893fb93c34428b1b4206a2803\UIAutomationTypes.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eb6190745392522b3c1b508bd2517096\UIAutomationClient.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4dfde90e4704b0d504ddde88045ba036\System.Web.DynamicData.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a5b71b6ba2b4405280bdc407f16d8cbe\System.IO.Log.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b64d64ef6bfef132fdc1db886bfdff\System.IdentityModel.Selectors.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\614c3b7c48bdb5ec34f8e30de4abc8d4\SMSvcHost.ni.exe
+ 2009-08-11 01:21 . 2009-08-11 01:21 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a0cb977cf742634cf54dfe5b81c1b400\SMDiagnostics.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6f93937288d32bef8b8fdfb383b37b6e\ServiceModelReg.ni.exe
+ 2009-08-10 19:36 . 2009-08-10 19:36 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4446ba40b28fe87388a738d7551b21\PresentationFramework.Royale.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fa0fda2540c243cd2de25db559086942\PresentationFramework.Classic.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bd6a1460174d0ea2996aa9b11a82333b\PresentationFramework.Luna.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2009-08-11 01:21 . 2009-08-11 01:21 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e5eb97b14d58d58eb1c6a2e282f28532\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\440a41a4d597095a5c8406bddf80cee2\ComSvcConfig.ni.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 152576 c:\windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 225280 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 132096 c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 156688 c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

ComboFix Pt. 3

+ 2009-08-10 19:28 . 2008-06-20 01:14 168968 c:\windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
+ 2009-08-10 19:28 . 2008-06-20 01:14 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.22208_none_8c75ba7a272c
1073\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18096_none_8b88cbe90e59
3c4d\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.20864_none_8a4a9b242a39
c1cc\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.16708_none_8a05df0910e7
dfb8\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6001.22208_none_32f793e391151502\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6001.18096_none_320aa552784240dc\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6000.20864_none_30cc748d9422c65b\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6000.16708_none_3087b8727ad0e447\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6001.22208_none_57feade560dc8728\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6001.18096_none_5711bf544809b302\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6000.20864_none_55d38e8f63ea3881\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6000.16708_none_558ed2744a98566d\WindowsBase.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6001.22208_none_6f17fd076f0ccf52\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6001.18096_none_6e2b0e765639fb2c\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6000.20864_none_6cecddb1721a80ab\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6000.16708_none_6ca8219658c89e97\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6001.22208_none_fe2a5a5f051cb345\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6001.18096_none_1501316ceb6d03bb\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6000.20864_none_fe54bb7304c5d874\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6000.16708_none_151c0556eb2446e8\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.22208_none_acc2b340a90ab125\wpfgfx_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.22208_none_acc2b340a90ab125\PresentationCore.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.18096_none_abd5c4af9037dcff\wpfgfx_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.18096_none_abd5c4af9037dcff\PresentationCore.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.20864_none_aa9793eaac18627e\wpfgfx_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.20864_none_aa9793eaac18627e\PresentationCore.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.16708_none_aa52d7cf92c6806a\wpfgfx_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.16708_none_aa52d7cf92c6806a\PresentationCore.dll
+ 2009-08-08 18:47 . 2009-06-17 08:02 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22160_none_f4b74f0181eee730\OESpamFilter.dat
+ 2009-08-08 18:47 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18056_none_f43e83de68c3c37f\OESpamFilter.dat
+ 2009-08-08 18:47 . 2009-06-17 07:30 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22459_none_f2e4af9f84b85a2a\OESpamFilter.dat
+ 2009-08-08 18:47 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18278_none_f24470cc6babdbc4\OESpamFilter.dat
+ 2009-08-08 18:47 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21074_none_f0e3a5eb87a6b883\OESpamFilter.dat
+ 2009-08-08 18:47 . 2009-06-17 07:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16876_none_f05c31926e871825\OESpamFilter.dat
+ 2009-08-08 18:45 . 2009-07-18 11:45 6081024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieframe.dll
+ 2009-08-08 18:45 . 2009-07-18 11:32 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieframe.dll
+ 2009-08-08 18:45 . 2009-07-18 09:55 6072832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieframe.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieframe.dll
+ 2009-08-08 18:46 . 2009-07-18 12:09 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieframe.dll
+ 2009-08-08 18:46 . 2009-07-18 12:10 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieframe.dll
+ 2009-08-08 18:46 . 2009-07-18 11:45 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22180_none_155ca7a138ae4707\mshtml.dll
+ 2009-08-08 18:46 . 2009-07-18 11:33 3599360 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18071_none_14dedb0c1f87a4a3\mshtml.dll
+ 2009-08-08 18:45 . 2009-07-18 11:54 3584512 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22475_none_138607173b7b54a5\mshtml.dll
+ 2009-08-08 18:45 . 2009-07-18 16:02 3583488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18294_none_12e5c844226ed63f\mshtml.dll
+ 2009-08-08 18:46 . 2009-07-18 12:12 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21089_none_1198cfe93e597b1c\mshtml.dll
+ 2009-08-08 18:46 . 2009-07-18 12:13 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16890_none_10fb8876254bdff2\mshtml.dll
+ 2009-08-08 18:46 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dat
+ 2009-08-08 18:46 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dat
+ 2009-08-08 18:45 . 2009-07-18 11:47 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22180_none_b6fcace0ed4eb73e\urlmon.dll
+ 2009-08-08 18:45 . 2009-07-18 11:34 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18071_none_b67ee04bd42814da\urlmon.dll
+ 2009-08-08 18:45 . 2009-07-18 11:56 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22475_none_b5260c56f01bc4dc\urlmon.dll
+ 2009-08-08 18:45 . 2009-07-18 16:06 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18294_none_b485cd83d70f4676\urlmon.dll
+ 2009-08-08 18:45 . 2009-07-18 12:16 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21089_none_b338d528f2f9eb53\urlmon.dll
+ 2009-08-08 18:45 . 2009-07-18 12:16 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16890_none_b29b8db5d9ec5029\urlmon.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6001.22208_none_97b08b7448b9ff5f\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6001.18096_none_96c39ce32fe72b39\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6000.20864_none_95856c1e4bc7b0b8\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6000.16708_none_9540b0033275cea4\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.22208_none_e9
0a0d4ae97e2ccb\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18096_none_e8
1d1eb9d0ab58a5\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.20864_none_e6
deedf4ec8bde24\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.16708_none_e6
9a31d9d339fc10\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:13 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.22208_none_293330
886c8121bc\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.18096_none_284641
f753ae4d96\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:12 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6000.20864_none_270811
326f8ed315\System.Workflow.Activities.dll
+ 2009-08-10 19:28 . 2008-06-20 01:18 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6000.16708_none_26c355
17563cf101\System.Workflow.Activities.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6001.22208_none_8e1bf2cea44da
c8d\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6001.18096_none_a4f2c9dc8a9df
d03\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6000.20864_none_8e4653e2a3f6d
1bc\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6000.16708_none_a50d9dc68a554
030\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6001.22208_none_559775022
c5c3394\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6001.18096_none_6c6e4c101
2ac840a\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6000.20864_none_55c1d6162
c0558c3\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:17 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6000.16708_none_6c891ffa1
263c737\System.ServiceModel.dll
+ 2009-08-10 19:27 . 2008-06-20 01:13 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6001.22208_none_774937060d1
32321\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6001.18096_none_765c4874f44
04efb\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:12 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6000.20864_none_751e17b0102
0d47a\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:18 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6000.16708_none_74d95b94f6c
ef266\PresentationFramework.dll
+ 2009-08-08 18:45 . 2009-07-18 16:06 1166336 c:\windows\System32\urlmon.dll
- 2009-06-10 22:48 . 2009-04-24 16:05 1166336 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-08-11 05:48 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-08-08 18:53 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-08-08 18:45 . 2009-07-18 16:02 3583488 c:\windows\System32\mshtml.dll
+ 2009-08-08 18:45 . 2009-07-18 16:01 6069248 c:\windows\System32\ieframe.dll
- 2009-06-10 22:48 . 2009-04-24 16:02 6069248 c:\windows\System32\ieframe.dll
+ 2006-11-02 12:47 . 2009-08-09 17:36 2318144 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-06-22 17:24 2318144 c:\windows\System32\FNTCACHE.DAT
+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2009-08-10 19:27 . 2008-06-20 01:14 1738760 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2009-05-26 22:54 . 2009-05-26 22:54 4192768 c:\windows\Installer\56741.msp
+ 2009-07-02 20:23 . 2009-07-02 20:23 5027328 c:\windows\Installer\56715.msp
+ 2008-12-25 22:21 . 2009-08-09 15:30 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-25 22:21 . 2009-08-09 15:30 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-25 22:21 . 2009-06-15 12:11 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-17 21:49 . 2009-06-15 12:10 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-17 21:49 . 2009-08-09 15:30 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-10 19:35 . 2009-08-10 19:35 3311104 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c8b13dcfc97e24405e4fc0475ce6f8f6\UIAutomationClientsideProviders.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2deca0680ab84ffa0d02529e6008c3af\System.WorkflowServices.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5d6b641086cce5fdc858845791bceb39\System.Workflow.Runtime.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ebf9425af71d1715702beddca876205\System.Workflow.ComponentModel.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9a3bbad437aad5decc858ca4ff6aa95e\System.Workflow.Activities.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7a2ff61712242ed5a8ed3e2051913d8a\System.Web.Extensions.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9cd971129846bdc7b4d6f4de75d0d56f\System.ServiceModel.Web.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6a0e6b429befa7ae3195cfc8c92ea2cc\System.Runtime.Serialization.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\828c0797125f0e89f76c00c87708cd08\System.Printing.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\833aa4f13464ecb314a27adbcfca1e22\System.IdentityModel.ni.dll
+ 2009-08-11 05:12 . 2009-08-11 05:12 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\41610b6770b86d583f850fe48761ff0c\System.Data.Services.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 2510848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\f38eb6cd3804a40cbff2d1103f541776\System.Data.Linq.ni.dll
+ 2009-08-11 05:11 . 2009-08-11 05:11 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\dd4ce78d33fde0033fa5bd50e24c8fbc\System.Data.Entity.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 2294784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 2126336 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87d2215a3b6b8ebec883f6bf82b6b781\ReachFramework.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 1656832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\4746ed9ba78a700176711accdea55be1\PresentationUI.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\4425dd4db3b0530d0a9369b7b259088b\PresentationBuildTasks.ni.dll
+ 2009-08-11 01:21 . 2009-08-11 01:21 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\88b610bb7a660a1b06385d595a72d272\Microsoft.Transactions.Bridge.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-08-11 01:22 . 2009-08-11 01:22 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-08-10 19:33 . 2009-08-10 19:33 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-08-10 19:27 . 2008-06-20 01:14 1738760 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
+ 2009-08-10 19:28 . 2008-06-20 01:14 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-06-13 07:01 . 2009-08-10 19:32 77842451 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2006-11-02 10:24 . 2009-07-07 15:10 24539592 c:\windows\System32\mrt.exe
+ 2009-08-11 01:21 . 2009-08-11 01:21 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8916ab751fafa7245dc9dfa6cfac3cfc\System.ServiceModel.ni.dll
+ 2009-08-10 19:36 . 2009-08-10 19:36 14320128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll
+ 2009-08-10 19:35 . 2009-08-10 19:35 12213248 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-16 39408]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-18 145944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-06-24 91432]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll" [2008-09-17 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{83EBE4D4-420E-4770-A6EA-72C1B6139ACC}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{5DA30AFC-D792-46F0-AAD1-B06D75914C5C}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{3276E660-7CEC-4959-AD16-340C5B4CDDF1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{63B77538-D270-49E2-BDB7-E26C92616C65}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E2D0029C-0CDF-4081-9401-68CF7AF8732E}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{D05DE99F-D323-4130-963F-6181DBABB181}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{AFEA741D-E902-42A5-AEB6-77F5762AD625}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{5BF27FD1-310A-42DA-B3B6-48FAF15C1F11}"= UDP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{FED72049-7622-4DDB-87EC-7B84366DD52A}"= TCP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{02B4B086-FA54-473E-831E-A7FB64D1501B}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{C688789D-9D25-4278-A4B7-2FFC86A4C565}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{D33E9505-6F0A-491E-A514-5E255FAF86AF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{96A6E6BE-03B2-4AA1-8E4A-0A05B4628D05}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3E77C399-2295-42C2-B5DF-7E1F7C00E271}"= UDP:c:\windows\System32\dldtcoms.exe:V305 Server
"{6E87E812-B5B6-4C80-9EB7-09029BE3D566}"= TCP:c:\windows\System32\dldtcoms.exe:V305 Server
"{9D2A0E06-BE68-4E98-AD26-B03084332911}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AA8755D8-C835-4B5F-991E-D1DC541704F8}"= Disabled:UDP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{DEC841EC-3E88-4919-8F1D-8B1670DBACB3}"= Disabled:TCP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{5922F539-6744-42E2-83B8-109F30836DC2}"= UDP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (TCP-In)
"{00E20032-68C0-4940-9FE3-A9038AEB0C66}"= TCP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (UDP-In)
"{D1D21194-0F4E-4B52-9B0F-EBC3FE0EBBEB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8BE3EA4B-5691-4A3C-B292-0C79730B7B6B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E0BE5A99-AA27-4149-B223-1A6400F4B02D}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{FBAD8F50-A553-4441-85F3-941612C4BBF4}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{C569B9A3-8CEF-40DC-AA5B-A76C820B178B}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{0E0FCDA2-C2AD-4FBA-9DE0-647274A1039B}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{7C90511D-4A71-4A41-AEEE-758FF6DAAE80}c:\\program files\\bohemia interactive\\arma\\arma.exe"= UDP:c:\program files\bohemia interactive\arma\arma.exe:ArmA
"UDP Query User{04E2D00C-C683-4622-BBC5-20E19FFEDFC6}c:\\program files\\bohemia interactive\\arma\\arma.exe"= TCP:c:\program files\bohemia interactive\arma\arma.exe:ArmA
"TCP Query User{A9F4ACD7-F98C-4127-913A-1ACD4270CEE3}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"UDP Query User{2C7C9D74-7D17-4E20-83D4-B2576DF9354F}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"TCP Query User{8B2D711B-4638-4ED9-A25C-2F83B2CFF680}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{02ED14D3-38E8-48DD-995B-84F3543B566A}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"{4F0188FC-6227-4965-B077-607E250234CF}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F50E3B51-7E9B-41B8-9351-F5732E0BC121}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{9F4749D8-F8D4-41FE-B735-B280F82C02D2}c:\\program files\\corel\\dvd9\\windvd.exe"= UDP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"UDP Query User{A0A8ABF6-D28A-4B23-BE7C-AD8050BA815D}c:\\program files\\corel\\dvd9\\windvd.exe"= TCP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"{C08916A0-B3F0-4C38-8EAD-F305A3FD4E80}"= UDP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (TCP-In)
"{BB1A5692-3A89-4301-8B8C-49D4DF182310}"= TCP:c:\users\Brandon\Downloads\utorrent.exe:µTorrent (UDP-In)
"{AAB92EDE-AAD6-47AD-B112-C4278DA22C85}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FEB2FB92-5A6D-4B6C-BFA2-77A761F0295A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B29E131E-EB0F-4EFC-B95A-590CCCF7C4B7}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{BABC665E-F652-4A37-BEC8-7C75850CA3C5}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{ECEBB919-64E0-455F-8067-7311AD54222C}"= TCP:67:DHCP Discovery Service
"{E83E16F2-4C9C-4EC0-82CD-4F009113D2B9}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{A312F297-7BB3-4116-8535-E6DB76A6D61E}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{3981A14B-82DB-46F8-92AB-3B40013947A2}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"UDP Query User{BFA43B18-BFCC-4EE1-96DE-8C168531A418}c:\\program files\\java\\jre1.6.0_07\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe:Java™ Platform SE binary
"TCP Query User{8A5B3753-C0A8-4515-96C2-B0E1FFBDDCAA}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{BACB5001-B936-4CD9-BF94-FF891DB6F3D8}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"TCP Query User{CC54EA53-A8CA-4EA1-9C7A-2B214504AFCD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{95626CA2-E99A-4360-9F7B-F811751A4CCC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{07EB25C7-D697-4E7D-94E7-9B8904D98DB0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{10B47747-A986-40B2-9680-211029088F15}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B74BA92B-25BE-4063-9532-78A083D1A0EB}"= UDP:5353:Adobe CSI CS4
"{29E554A0-21D5-45BB-8C80-52A2A7A8E5EA}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F70A48F7-69AD-401A-8AD0-D85FA9226A8B}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{8B2F7E38-6094-4DE7-BBFA-C76729CCC0E6}"= UDP:3703:Adobe Version Cue CS4 Server
"{ADB4A37E-5526-49B2-BC05-344F6687D986}"= UDP:3704:Adobe Version Cue CS4 Server
"{397A7695-A3E5-4D70-8920-8482AC1ED959}"= UDP:51000:Adobe Version Cue CS4 Server
"{1B48C767-F255-40BC-A80A-4D275D9CF666}"= UDP:51001:Adobe Version Cue CS4 Server
"{5C027302-A250-43D3-B203-01C59C4F7916}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{560AE378-2AFA-4B2F-8445-4E7DD661DB5B}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{417BD20A-AA5D-4085-9D94-728E9528B7C8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0F878590-77B0-4DBF-BEA2-66AC33EABAC2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{74DBDB92-FC02-469A-BFEF-9D9C34F5C8F4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{16D936E0-F492-406C-96E8-0F52073E6FC3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{70C44E82-B287-4B91-9F1B-99F25046D5B2}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"UDP Query User{B6C288BB-379F-4AAB-AD9F-5F9F63D7AB6B}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"TCP Query User{4DFF0279-A1CA-4B1C-8533-9B01BA55F9CE}c:\\users\\brandon\\downloads\\torrents\\left.4.dead.full-rip.skullptura\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= UDP:c:\users\brandon\downloads\torrents\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{A27675BE-C887-407E-960D-7654F21147C6}c:\\users\\brandon\\downloads\\torrents\\left.4.dead.full-rip.skullptura\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= TCP:c:\users\brandon\downloads\torrents\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"{FA746B78-F747-4F43-B0E6-FA43F436A626}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{FB6D18D0-60F8-44C3-90E2-4F13866AAEF6}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{E909E2FF-A708-42C0-8F23-7E73FCD9FEB2}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{361C93C3-FDB9-4145-80EC-C38B9CFF2CD4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{57061080-9DEB-4CCC-98CF-1FD7A213A673}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{608650D9-0567-4B33-9367-E67BEC08BC90}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{C0189F08-AEFB-45C9-BF62-7536AAE5418D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C978A9B0-4D40-4BC5-8B9B-D9FF67751B92}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{CC1AB3BA-32E5-4AAA-A331-86B0B5341310}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B564F6F0-DA3A-464E-8666-031D0516A753}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{9CD34495-1988-43D8-93EF-B1F12F15E287}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"UDP Query User{4DD8914C-E120-4DD7-A76E-76422E68417E}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{413B7B6A-C2EB-48F8-A046-65F510A6ADAA}"= TCP:67:DHCP Discovery Service
"{7981B309-AFFD-4084-AD91-815025BAEA59}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{B9479245-6BC3-40D2-9635-FEA8E96E98AA}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{859F62A1-403E-4913-805F-9A5D4D8E6B10}c:\\users\\brandon\\downloads\\new folder\\utorrent.exe"= UDP:c:\users\brandon\downloads\new folder\utorrent.exe:utorrent.exe
"UDP Query User{7E80C1C0-ADBD-48B8-BE23-7BE72ACE0BC6}c:\\users\\brandon\\downloads\\new folder\\utorrent.exe"= TCP:c:\users\brandon\downloads\new folder\utorrent.exe:utorrent.exe
"{8437E028-A85A-4AA9-B203-C0FB2BDF0CE7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BC1A49B0-7300-4855-ACB6-2E76F97D5552}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{402351C0-CAFD-4C8A-937C-C36D11D06561}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{F1082134-CF0A-424F-8304-6A34A80F6C49}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{970F42F2-64E7-4D0C-A4EB-3D0A5BE3F36C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B4870AA1-A182-4FE1-8253-C14BCE1E7714}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8B14894A-9F7F-4299-A472-59E3A47C1D43}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{7154ED56-7482-404D-B968-59B9B8ACC734}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{D04A3B03-AF48-4BBC-A0EB-F63EFDF77113}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C6F32EE2-4E27-46A3-9732-8089BA85DAF2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B3D5976D-72A1-4DAD-BDEF-632C4BD289DF}c:\\users\\brandon\\documents\\my games\\left 4 dead\\left4dead.exe"= UDP:c:\users\brandon\documents\my games\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{C1CEB6D3-71F9-4D64-98CC-E528B2E2B0E8}c:\\users\\brandon\\documents\\my games\\left 4 dead\\left4dead.exe"= TCP:c:\users\brandon\documents\my games\left 4 dead\left4dead.exe:left4dead.exe
"{B9C83106-D278-4AF9-863F-4B1DB4680D31}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{0FCC08F5-19E0-4E20-B9C1-FD04D9532B6E}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{BBD3E1E4-E281-48B6-AB1E-313808934264}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AA2052AA-9FE2-447D-91AB-1CF8DCCDF62C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8B76376D-8B64-4B64-A2A8-8FB64BAC7D3F}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{197D8A14-1FCE-48E5-9D51-B8A3D3BBDA1D}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{6CF5E2EA-A038-4899-A914-82FDC5D3A9E5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FCECA3D6-5FEE-4618-9547-53811F68C533}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{040E7865-A8C8-4481-A76F-58468AFAB90C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4617E45F-8D52-4752-985E-403C7173F252}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{53BB006C-C402-4319-A44F-C75EE82CC943}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{EFDC1CF0-BD88-4C9B-92B2-860F38FA8CAC}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"{085B09F6-64F7-4941-835D-00D8ABAD4BE8}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{8718FEAD-D596-4A96-9F75-5E2922E6B8F1}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{AE51EC29-4960-4F30-8E8A-A839162E8ADD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DF0F80B5-56A0-493F-82BE-DF87680A200F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{BBAD0EBD-BA1D-411B-B19F-493C9D6CA653}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{532E270B-2C21-404D-92DC-7AEB30D43953}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{6230EC30-B3C3-4ABF-A43F-1E821B12BF62}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{83EDB4EE-8770-452A-993B-C27E82320B49}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{362ED3DD-7D1B-46DB-BE10-D43109DBC23C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1CE637DA-AC58-4303-97BC-0FFBE22E5B9F}"= UDP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (TCP-In)
"{8E3DA0E5-D01A-49C0-8066-9264728BE30C}"= TCP:c:\users\Brandon\Downloads\New Folder\utorrent.exe:µTorrent (UDP-In)
"{334795D2-1775-40D0-B812-24E21E3FE600}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{607E302F-CFD0-4471-AC4D-9BB9F9BB7589}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C89CE12A-38D0-479C-8FB5-E46069B69A7D}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{77C2B7C6-4C1D-4C7A-9FBD-53607CAB67A4}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe [12/16/2008 9:04 PM 73728]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/9/2009 12:51 PM 210216]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/16/2008 9:04 PM 113664]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [12/16/2008 9:04 PM 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [12/16/2008 9:04 PM 203264]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [8/2/2009 5:27 PM 19096]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [12/16/2008 9:04 PM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [12/16/2008 9:04 PM 277632]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2009 5:27 PM 211216]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/16/2008 7:45 PM 30192]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRK
*Deregistered* - PnkBstrK
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-27 14:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-27 14:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081217
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\7pkx9c9b.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 19:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2873835703-867658926-3654523082-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):fe,f9,02,01,49,51,2d,a9,51,ce,c1,b9,cc,fa,8d,f0,21,da,c3,c8,27,
a2,da,bb,f8,d8,30,8b,17,45,c3,61,6a,a3,23,10,14,95,87,a9,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2873835703-867658926-3654523082-1000_Classes\CLSID\{f310d0cc-7f52-40b9-b20d-ea09c65043ee}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000037
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,f8,0b,f2,c4,7d,43,2e,bd,6a,e5,31,bf,56,c8,9e,be,15,3a,96,84,18,94,\
.
Completion time: 2009-08-11 20:02
ComboFix-quarantined-files.txt 2009-08-12 00:02
ComboFix2.txt 2009-08-08 19:56

Pre-Run: 144,958,623,744 bytes free
Post-Run: 144,989,466,624 bytes free

1184 --- E O F --- 2009-08-10 15:09

HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:04 PM, on 8/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 13382 bytes




P.S. - FireFox is working fine now

Some final items:


Follow these steps to uninstall Combofix and all of its files and components.

• Click START then RUN
• Now type Combo-Fix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

It's a good idea to Flush your System Restore after removing malware and create a new restore point.

For help with Vista visit: http://www.bleepingcomputer.com/tutorials/tutorial143.html


Here is some useful information on keeping your computer clean:

1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
2. Here are two great Preventive programs

:

1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
2. Surf Safe with McAfee's SiteAdisor. SiteAdisor will work with Internet Explorer and Mozilla Firefox. SiteAdisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.

1. Red for Warning
2. Yellow for Use Caution
3. Green for Safe
4. Grey for Unknown

Here are the link to install SiteAdisor in Internet Explorer and Firefox



Now you should Clean up your PC


Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Secunia software inspector & update checker

Malware And Spyware Tips

It was a pleasure working with you I3randon.

Kenny