Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows update error - redirected from web search links

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 19th, 2010, 2:15 pm

I apologize for this, I have removed some of the software from my PC, however I am having trouble removing the itemes below. Can you help me with this? I do whant you to continue helping me otherwise I will not be able to solve the problems I have created. Thanks.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gamersfirst\war rock\texture\fmx01\d_crackwall01.dds
c:\users\panfilo\adobe\lightroom 2.3\keygen.exe
scanner sequence 3.AA.11
----- EOF -----
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am
Advertisement
Register to Remove

Re: Windows update error - redirected from web search links

Unread postby Cypher » August 19th, 2010, 2:25 pm

Hi psanchez65.
No problem we can deal with those, Ok lets continue with the instructions below.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in you're next reply.
  • Note: This log can be lengthy you may have to post it in separate replies.


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • RKUnHooker log..
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 19th, 2010, 11:50 pm

Thanks for sticking with me.

When trying to run RSIT as administrator I get a window that states "The pipe state is invalid".

Should I go ahead and try running Rootkit Unhooker? Waiting further instructions...
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby Cypher » August 20th, 2010, 5:10 am

Yes go ahead and try running RKUnHooker, if successful post the log please.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 20th, 2010, 9:21 am

Not successful, I get a window that states "The pipe state is invalid".
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby Cypher » August 20th, 2010, 11:24 am

Hi psanchez65.

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Double Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.
  • Note: Don't forget to Re-enable it after the below fix.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.
  • Note: You must rename it before saving it... Rename it: Cypher.com. See images below.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    Image

    Image
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 20th, 2010, 12:45 pm

Hi Cypher.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Panfilo on 08/20/2010 at 11:40:55.


Processes terminated by Rkill or while it was running:


C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Panfilo\Desktop\rkill.exe


Rkill completed on 08/20/2010 at 11:40:59.

ComboFix 10-08-18.06 - Panfilo 08/20/2010 12:15:52.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1916 [GMT -4:00]
Running from: c:\users\Panfilo\Desktop\Cypher.com
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SpeedTest
c:\users\Panfilo\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 16:05 . 2010-08-20 16:05 -------- d-----w- c:\program files\ERUNT
2010-08-19 16:16 . 2010-08-19 16:16 -------- d-----w- C:\MGADiagToolOutput
2010-08-17 16:40 . 2010-08-17 16:40 -------- d-----w- c:\users\Panfilo\AppData\Roaming\Malwarebytes
2010-08-17 16:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 16:39 . 2010-08-17 16:39 -------- d-----w- c:\programdata\Malwarebytes
2010-08-17 16:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 16:39 . 2010-08-19 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 16:06 . 2010-08-18 16:11 -------- d-----w- C:\MyBackup
2010-08-15 06:32 . 2010-08-15 06:32 72192 ----a-w- c:\windows\system32\drivers\omrsbiyw.sys
2010-08-14 15:07 . 2010-08-14 15:07 -------- d-----w- c:\program files\Trend Micro
2010-08-13 23:58 . 2010-08-13 23:58 72192 ----a-w- c:\windows\system32\drivers\rjrmiwdj.sys
2010-08-13 10:31 . 2010-08-13 10:31 72192 ----a-w- c:\windows\system32\drivers\ekevxrun.sys
2010-08-13 01:07 . 2010-08-14 16:00 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-12 21:09 . 2010-08-12 21:09 72192 ----a-w- c:\windows\system32\drivers\gqbrfkzn.sys
2010-08-12 06:34 . 2010-08-12 06:34 72192 ----a-w- c:\windows\system32\drivers\izaqysai.sys
2010-08-12 03:47 . 2010-08-12 03:47 72192 ----a-w- c:\windows\system32\drivers\vcqfrjgf.sys
2010-08-12 03:24 . 2010-08-12 03:24 72192 ----a-w- c:\windows\system32\drivers\sovjfnzz.sys
2010-08-12 03:09 . 2010-08-12 03:09 72192 ----a-w- c:\windows\system32\drivers\ourjibcw.sys
2010-08-12 00:07 . 2010-08-12 00:11 -------- d-----w- c:\windows\system32\catroot2(97)
2010-08-06 23:36 . 2010-08-06 23:45 -------- d-----w- c:\users\Panfilo\AppData\Local\._Revolution_
2010-08-06 23:36 . 2010-08-06 23:36 -------- d-----w- c:\program files\NightScaper
2010-08-04 21:37 . 2010-08-04 21:37 -------- d-----w- c:\programdata\ATI
2010-08-04 21:26 . 2010-08-04 21:29 -------- d-----w- c:\program files\ATI
2010-08-04 21:26 . 2010-08-04 21:26 -------- d-----w- C:\ATI
2010-07-26 00:11 . 2010-08-12 00:22 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 16:14 . 2010-06-28 03:32 -------- d-----w- c:\users\Panfilo\AppData\Roaming\SoftGrid Client
2010-08-19 17:53 . 2008-09-27 22:14 -------- d-----w- c:\program files\MSN Games
2010-08-19 17:15 . 2008-09-29 01:41 -------- d-----w- c:\program files\Electronic Arts
2010-08-19 17:06 . 2008-09-25 19:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 17:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-08-19 16:52 . 2008-09-25 19:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 05:13 . 2008-09-27 19:23 118264 ----a-w- c:\users\Panfilo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-14 16:01 . 2008-09-25 19:24 -------- d-----w- c:\program files\Google
2010-08-14 15:59 . 2008-10-04 21:19 -------- d-----w- c:\program files\LimeWire
2010-08-12 02:55 . 2009-10-15 00:17 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-08-12 00:22 . 2008-10-04 21:19 -------- d-----w- c:\users\Panfilo\AppData\Roaming\LimeWire
2010-08-12 00:22 . 2009-04-28 01:28 -------- d-----w- c:\programdata\NOS
2010-08-12 00:22 . 2010-03-23 00:09 -------- d-----w- c:\program files\Haali
2010-08-12 00:21 . 2008-09-25 19:18 -------- d-----w- c:\program files\ATI Technologies
2010-08-06 01:35 . 2009-01-26 21:38 -------- d-----w- c:\programdata\Skype
2010-07-15 07:01 . 2010-06-28 03:31 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-07-15 07:01 . 2008-10-05 21:16 -------- d-----w- c:\programdata\Microsoft Help
2010-07-14 07:58 . 2010-06-28 07:06 -------- d-----w- c:\programdata\VirtualizedApplications
2010-07-14 00:21 . 2010-05-17 16:15 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-14 00:21 . 2010-05-17 01:45 -------- d-----w- c:\programdata\DivX
2010-07-14 00:21 . 2010-07-14 00:21 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-14 00:21 . 2008-12-28 18:12 -------- d-----w- c:\program files\DivX
2010-07-14 00:21 . 2010-07-14 00:21 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-14 00:20 . 2010-07-14 00:20 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-14 00:17 . 2010-05-17 01:47 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-14 00:17 . 2010-05-17 01:47 1090856 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-30 07:01 . 2009-12-09 21:39 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-28 04:17 . 2008-10-05 21:18 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 03:32 . 2010-06-28 03:26 -------- d-----w- c:\users\Panfilo\AppData\Roaming\TP
2010-06-16 10:56 . 2010-06-16 10:56 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-11 21:07 . 2010-06-11 21:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-01 17:37 . 2009-12-09 21:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-10 04:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 04:36 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-09-25 19:17 . 2008-09-25 19:17 74 --sh--r- c:\windows\CT4CET.bin
2008-09-25 22:49 . 2008-09-25 22:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" [2010-02-28 3207072]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-11-18 4269296]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\Panfilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-18 575488]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-25 19:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Panfilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\users\Panfilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-12-12 18:46 9555968 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Cfg.exe]
2007-08-22 05:39 28672 ----a-w- c:\windows\OEM05Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-25 19:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,2a,06,4d,92,79,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-08-22 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-08-22 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-08-22 235616]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate1c9c1d52ef27fe8;Google Update Service (gupdate1c9c1d52ef27fe8);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 133104]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 16:29]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 16:29]

2010-08-20 c:\windows\Tasks\User_Feed_Synchronization-{DED468D6-25F1-4080-B2E6-6ACE4BED1E53}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsig ... &mkt=en-US
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Panfilo\AppData\Roaming\Mozilla\Firefox\Profiles\141y560w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://nzbmatrix.com/|http://www22.veri ... Login.aspx
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BitTorrent DNA - c:\users\Panfilo\Program Files\DNA\btdna.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Skype - c:\program files\Skype\\Phone\Skype.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 12:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Panfilo\AppData\Local\Temp\RpT1D30.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3972471545-778204691-3294514810-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,1e,d5,42,32,33,63,b3,05,67,4f,65,e4,a4,ae,0f,eb,67,9d,4b,9a,
4e,c2,0a,c2,74,c5,aa,1d,0a,13,f8,48,11,3d,02,88,5b,c9,e6,1f,c1,60,9b,04,32,\
"rkeysecu"=hex:f0,dd,eb,6d,51,1d,46,4f,14,d9,3b,30,72,fc,5f,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
q:\140062.enu\Office14\MSOSYNC.EXE
q:\140062.enu\Office14\ONENOTEM.EXE
c:\program files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
.
**************************************************************************
.
Completion time: 2010-08-20 12:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 16:40

Pre-Run: 314,513,481,728 bytes free
Post-Run: 319,652,921,344 bytes free

- - End Of File - - 6091F4369044175785A59EAC188D7E5F
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby Cypher » August 20th, 2010, 1:19 pm

Hi psanchez65.
Are you're searches still being redirected?

Upload File/Files for testing

Please go to jotti.org or Virustotal

Copy/paste this file and path into the white box at the top:
c:\windows\system32\drivers\omrsbiyw.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Repeat the process for the following.
c:\windows\system32\drivers\ekevxrun.sys

c:\windows\system32\drivers\ourjibcw.sys

Logs/Information to Post in your Next Reply

  • Jotti or virustotal results.
  • Please give me an update on your computers performance, are you're searches still redirected?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 21st, 2010, 12:34 am

Hi Cypher.

So far my searches are no longer getting redirected also Microsoft Security Essentials was able to update. Windows update also ran but should I go ahead and update or wait?


Jotti's malware scan
Filename: omrsbiyw.sys
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sat 21 Aug 2010 06:21:03 (CET) Permalink

File name: ekevxrun.sys
Submission date: 2010-08-21 04:26:23 (UTC)
Current status: queued queued analysing finished


Result: 0/ 40 (0.0%)



File name: ourjibcw.sys
Submission date: 2010-08-21 04:28:40 (UTC)
Current status: queued queued analysing finished


Result: 0/ 42 (0.0%)
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby Cypher » August 21st, 2010, 5:48 am

Hi psanchez65.
So far my searches are no longer getting redirected also Microsoft Security Essentials was able to update. Windows update also ran but should I go ahead and update or wait?
Thats good news but don't update windows until we are sure you're PC is clean please.
Continue with the instructions below.

Disable Windows Defender

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.
  • Note: Please do not Re-enable this until i tell you to do so.

Next.

Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.
  • Note: Don't forget to Re-enable it after the below fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    Folder::
    c:\users\panfilo\adobe\lightroom 2.3
    c:\program files\LimeWire
    c:\users\Panfilo\AppData\Roaming\LimeWire
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\WINDOWS\system32\blank.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8EA6827-1B82-494a-ACAC-A582A714DCA8}]
    [-HKEY_CLASSES_ROOT\CLSID\{F8EA6827-1B82-494a-ACAC-A582A714DCA8}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Cfg.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    
    DirLook::
    c:\users\Panfilo\AppData\Local\._Revolution_
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next.

Post a New HJT Log
  • Start HijackThis.
  • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
  • When completed...Notepad will open with the new "hijackthis.log" file contents.
  • Copy/paste the entire (hijackthis.log) file contents in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • HijackThis log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 21st, 2010, 9:56 am

Hello Cypher.

I did not realize I had windows updater on automatic and it ran last night I hope this is not a problem. Also, window defender was already off.

When running ComboFix at stage_2 a window popped up "PEV.CFxxe has stopped working" once I closed it ComboFix continued.

ComboFix Log Part 1

ComboFix 10-08-20.01 - Panfilo 08/21/2010 8:52.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1919 [GMT -4:00]
Running from: c:\users\Panfilo\Desktop\Cypher.com
Command switches used :: c:\users\Panfilo\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\lib(2)\LimeWire.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\root(7)\magnet10\badge.img
c:\program files\LimeWire\root(7)\magnet10\canHandle.img
c:\program files\LimeWire\root(7)\magnet10\limewire.gif
c:\program files\LimeWire\toolbarResult
c:\users\panfilo\adobe\lightroom 2.3
c:\users\panfilo\adobe\lightroom 2.3\Adobe Photoshop Lightroom 2\setup32.exe
c:\users\panfilo\adobe\lightroom 2.3\Install Lightroom 2.3.exe
c:\users\panfilo\adobe\lightroom 2.3\keygen.exe
c:\users\panfilo\adobe\lightroom 2.3\Lees mij voor Lightroom 2.pdf
c:\users\panfilo\adobe\lightroom 2.3\Leggimi di Lightroom 2.pdf
c:\users\panfilo\adobe\lightroom 2.3\Leia-me do Lightroom 2.pdf
c:\users\panfilo\adobe\lightroom 2.3\Lightroom 2 Read Me.pdf
c:\users\panfilo\adobe\lightroom 2.3\Léame de Lightroom 2.pdf
c:\users\panfilo\adobe\lightroom 2.3\Viktigt om Lightroom 2.pdf
c:\users\Panfilo\AppData\Roaming\LimeWire
c:\users\Panfilo\AppData\Roaming\LimeWire\active.mojito
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xul-v2.0b2.5-do-not-remove
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\branding.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\classic.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\comm.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\en-US.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\limewire.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\pippki.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\chrome\toolkit.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\accessibility-msaa.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\accessibility.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\alerts.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\appshell.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\appshell_modal.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\appstartup.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\autocomplete.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\autoconfig.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\caps.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\chardet.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\chrome.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\commandhandler.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\commandlines.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\composer.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\content_base.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\content_html.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\content_htmldoc.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\content_xmldoc.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\content_xslt.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\content_xtf.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\contentprefs.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\cookie.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\directory.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\docshell_base.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_base.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_canvas.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_core.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_css.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_events.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_html.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_json.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_loadsave.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_offline.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_range.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_sidebar.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_storage.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_stylesheets.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_svg.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_traversal.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_views.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_xbl.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_xpath.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\dom_xul.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\downloads.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\editor.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\embed_base.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\extensions.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\exthandler.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\exthelper.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\fastfind.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\feeds.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\find.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\gfx.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\htmlparser.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\imgicon.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\imglib2.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\inspector.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\intl.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\jar.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\jsdservice.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\layout_base.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\layout_printing.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\layout_xul.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\layout_xul_tree.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\locale.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\loginmgr.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\lwbrk.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\mimetype.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\mozbrwsr.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\mozfind.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_about.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_cache.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_cookie.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_dns.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_file.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_ftp.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_http.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_res.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_socket.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_strconv.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\necko_viewsource.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\oji.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\parentalcontrols.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\pipboot.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\pipnss.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\pippki.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\places.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\plugin.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\pref.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\prefetch.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\profile.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\proxyObject.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\rdf.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\satchel.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\saxparser.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\shistory.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\spellchecker.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\storage.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\toolkitprofile.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\txmgr.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\txtsvc.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\uconv.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\unicharutil.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\update.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\uriloader.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\urlformatter.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\webBrowser_core.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\webbrowserpersist.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\webshell_idls.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\widget.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\windowds.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\windowwatcher.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xml-rpc.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_base.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_components.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_ds.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_io.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_system.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_thread.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpcom_xpti.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpconnect.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xpinstall.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xulapp.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xulapp_setup.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xuldoc.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\xultmpl.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\components\zipwriter.xpt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\defaults\profile\localstore.rdf
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\defaults\profile\US\localstore.rdf
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\dependentlibs.list
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\dictionaries\en-US.aff
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\dictionaries\en-US.dic
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\freebl3.chk
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\javaxpcom.jar
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\LICENSE
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\modules\DownloadUtils.jsm
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\modules\JSON.jsm
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\modules\PluralForm.jsm
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\modules\XPCOMUtils.jsm
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\README.txt
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\arrow.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\arrowd.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\broken-image.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\contenteditable.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\designmode.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\dtd\mathml.dtd
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\dtd\xhtml11.dtd
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\EditorOverride.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\forms.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\grabber.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\hiddenWindow.html
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\html.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\html\folder.png
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\loading-image.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\mathml.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\quirk.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\svg.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-column-after-active.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-column-after-hover.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-column-after.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-column-before-active.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-column-before-hover.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-column-before.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-row-after-active.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-row-after-hover.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-row-after.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-row-before-active.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-row-before-hover.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-add-row-before.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-remove-column-active.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-remove-column-hover.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-remove-column.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-remove-row-active.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-remove-row-hover.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\table-remove-row.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\ua.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\res\viewsource.css
c:\users\Panfilo\AppData\Roaming\LimeWire\browser(38)\xulrunner\softokn3.chk
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\js3250.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\modules\debug.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\modules\utils.js
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\mozctl.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\nspr4.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\nss3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\platform.ini
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\language.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\Panfilo\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Panfilo\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\downloads.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\filters.props
c:\users\Panfilo\AppData\Roaming\LimeWire\gnutella.net
c:\users\Panfilo\AppData\Roaming\LimeWire\installation.props
c:\users\Panfilo\AppData\Roaming\LimeWire\library.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\library5.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\limewire.props
c:\users\Panfilo\AppData\Roaming\LimeWire\lock
c:\users\Panfilo\AppData\Roaming\LimeWire\mojito.props
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\1FEE1D11d01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\799B7821d01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\9EF2B1CFd01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\9FCB996Ed01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\AE98BDECd01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\Cache\BF69D0E1d01
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\Panfilo\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\passive.mojito
c:\users\Panfilo\AppData\Roaming\LimeWire\player.props
c:\users\Panfilo\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Panfilo\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Panfilo\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Panfilo\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Panfilo\AppData\Roaming\LimeWire\questions.props
c:\users\Panfilo\AppData\Roaming\LimeWire\responses.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\restaccess.txt
c:\users\Panfilo\AppData\Roaming\LimeWire\simpp.cert
c:\users\Panfilo\AppData\Roaming\LimeWire\simpp.xml
c:\users\Panfilo\AppData\Roaming\LimeWire\spam.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\tables.props
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
c:\users\Panfilo\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
c:\users\Panfilo\AppData\Roaming\LimeWire\ttdata.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Panfilo\AppData\Roaming\LimeWire\update.cert
c:\users\Panfilo\AppData\Roaming\LimeWire\urns.dat
c:\users\Panfilo\AppData\Roaming\LimeWire\version.xml
c:\users\Panfilo\AppData\Roaming\LimeWire\versions.props
c:\users\Panfilo\AppData\Roaming\LimeWire\xml\data\application.sxml2
c:\users\Panfilo\AppData\Roaming\LimeWire\xml\data\application.sxml3
c:\users\Panfilo\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Panfilo\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\Panfilo\AppData\Roaming\LimeWire\xml\data\video.sxml2
c:\users\Panfilo\AppData\Roaming\LimeWire\xml\data\video.sxml3

.
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-21 12:58 . 2010-08-21 12:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-21 12:58 . 2010-08-21 12:58 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-08-21 12:58 . 2010-08-21 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-21 12:50 . 2010-08-21 12:51 -------- d-----w- C:\32788R22FWJFW
2010-08-20 20:54 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-20 16:24 . 2010-08-21 13:08 -------- d-----w- c:\users\Panfilo\AppData\Local\temp
2010-08-20 16:05 . 2010-08-20 16:05 -------- d-----w- c:\program files\ERUNT
2010-08-19 16:16 . 2010-08-19 16:16 -------- d-----w- C:\MGADiagToolOutput
2010-08-17 16:40 . 2010-08-17 16:40 -------- d-----w- c:\users\Panfilo\AppData\Roaming\Malwarebytes
2010-08-17 16:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 16:39 . 2010-08-17 16:39 -------- d-----w- c:\programdata\Malwarebytes
2010-08-17 16:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 16:39 . 2010-08-19 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 16:06 . 2010-08-18 16:11 -------- d-----w- C:\MyBackup
2010-08-15 06:32 . 2010-08-15 06:32 72192 ----a-w- c:\windows\system32\drivers\omrsbiyw.sys
2010-08-14 15:07 . 2010-08-14 15:07 -------- d-----w- c:\program files\Trend Micro
2010-08-13 23:58 . 2010-08-13 23:58 72192 ----a-w- c:\windows\system32\drivers\rjrmiwdj.sys
2010-08-13 10:31 . 2010-08-13 10:31 72192 ----a-w- c:\windows\system32\drivers\ekevxrun.sys
2010-08-13 01:07 . 2010-08-14 16:00 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-12 21:09 . 2010-08-12 21:09 72192 ----a-w- c:\windows\system32\drivers\gqbrfkzn.sys
2010-08-12 06:34 . 2010-08-12 06:34 72192 ----a-w- c:\windows\system32\drivers\izaqysai.sys
2010-08-12 03:47 . 2010-08-12 03:47 72192 ----a-w- c:\windows\system32\drivers\vcqfrjgf.sys
2010-08-12 03:24 . 2010-08-12 03:24 72192 ----a-w- c:\windows\system32\drivers\sovjfnzz.sys
2010-08-12 03:09 . 2010-08-12 03:09 72192 ----a-w- c:\windows\system32\drivers\ourjibcw.sys
2010-08-12 00:07 . 2010-08-12 00:11 -------- d-----w- c:\windows\system32\catroot2(97)
2010-08-06 23:36 . 2010-08-06 23:45 -------- d-----w- c:\users\Panfilo\AppData\Local\._Revolution_
2010-08-06 23:36 . 2010-08-06 23:36 -------- d-----w- c:\program files\NightScaper
2010-08-04 21:37 . 2010-08-04 21:37 -------- d-----w- c:\programdata\ATI
2010-08-04 21:26 . 2010-08-04 21:29 -------- d-----w- c:\program files\ATI
2010-08-04 21:26 . 2010-08-04 21:26 -------- d-----w- C:\ATI
2010-07-26 00:11 . 2010-08-12 00:22 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:58 . 2010-06-28 03:32 -------- d-----w- c:\users\Panfilo\AppData\Roaming\SoftGrid Client
2010-08-21 07:03 . 2008-09-25 19:28 -------- d-----w- c:\program files\Microsoft Works
2010-08-21 07:02 . 2008-10-05 21:16 -------- d-----w- c:\programdata\Microsoft Help
2010-08-19 17:53 . 2008-09-27 22:14 -------- d-----w- c:\program files\MSN Games
2010-08-19 17:15 . 2008-09-29 01:41 -------- d-----w- c:\program files\Electronic Arts
2010-08-19 17:06 . 2008-09-25 19:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 17:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-08-19 16:52 . 2008-09-25 19:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 05:13 . 2008-09-27 19:23 118264 ----a-w- c:\users\Panfilo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-14 16:01 . 2008-09-25 19:24 -------- d-----w- c:\program files\Google
2010-08-12 02:55 . 2009-10-15 00:17 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-08-12 00:22 . 2009-04-28 01:28 -------- d-----w- c:\programdata\NOS
2010-08-12 00:22 . 2010-03-23 00:09 -------- d-----w- c:\program files\Haali
2010-08-12 00:21 . 2008-09-25 19:18 -------- d-----w- c:\program files\ATI Technologies
2010-08-06 01:35 . 2009-01-26 21:38 -------- d-----w- c:\programdata\Skype
2010-07-15 07:01 . 2010-06-28 03:31 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-07-14 07:58 . 2010-06-28 07:06 -------- d-----w- c:\programdata\VirtualizedApplications
2010-07-14 00:21 . 2010-05-17 16:15 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-14 00:21 . 2010-05-17 01:45 -------- d-----w- c:\programdata\DivX
2010-07-14 00:21 . 2010-07-14 00:21 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-14 00:21 . 2008-12-28 18:12 -------- d-----w- c:\program files\DivX
2010-07-14 00:21 . 2010-07-14 00:21 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-14 00:20 . 2010-07-14 00:20 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-14 00:17 . 2010-05-17 01:47 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-14 00:17 . 2010-05-17 01:47 1090856 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-30 07:01 . 2009-12-09 21:39 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-28 04:17 . 2008-10-05 21:18 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 03:32 . 2010-06-28 03:26 -------- d-----w- c:\users\Panfilo\AppData\Roaming\TP
2010-06-26 06:05 . 2010-08-20 20:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-20 20:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-20 20:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-20 20:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-20 20:55 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-20 20:55 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-20 20:55 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-20 20:55 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 10:56 . 2010-06-16 10:56 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-16 10:56 . 2010-06-16 10:56 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-11 21:07 . 2010-06-11 21:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 16:16 . 2010-08-20 20:55 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-20 20:55 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-20 20:55 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-20 20:55 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 17:37 . 2009-12-09 21:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 20:08 . 2010-08-20 20:55 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-10 04:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 04:36 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-09-25 19:17 . 2008-09-25 19:17 74 --sh--r- c:\windows\CT4CET.bin
2008-09-25 22:49 . 2008-09-25 22:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Panfilo\AppData\Local\._Revolution_ ----
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 21st, 2010, 9:58 am

ComboFix Log Part 2

((((((((((((((((((((((((((((( SnapShot@2010-08-20_16.37.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-20 20:55 . 2010-05-28 16:14 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.22414_none_6f0c0c64eeb82f1d\iccvid.dll
+ 2010-08-20 20:55 . 2010-05-27 20:08 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.18263_none_6e4b5dcdd5c4048a\iccvid.dll
+ 2010-08-20 20:55 . 2010-05-27 19:11 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.22702_none_6d2e69d4f18b8b5a\iccvid.dll
+ 2010-08-20 20:55 . 2010-05-27 19:16 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.18483_none_6c4f4a27d8adea21\iccvid.dll
+ 2010-08-20 20:55 . 2010-06-18 14:50 99328 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22715_none_045a07e92948400f\srvnet.sys
+ 2010-08-20 20:55 . 2010-06-18 18:00 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.22427_none_0f77105600c85cb8\rtutils.dll
+ 2010-08-20 20:55 . 2010-06-18 17:31 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18274_none_0eb4612ae7d5ff77\rtutils.dll
+ 2010-08-20 20:55 . 2010-06-18 16:38 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.22715_none_0d996dc6039bb8f5\rtutils.dll
+ 2010-08-20 20:55 . 2010-06-18 16:43 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18495_none_0cb94dceeabefe65\rtutils.dll
+ 2010-08-20 20:54 . 2010-06-16 15:56 98192 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\FWPKCLNT.SYS
+ 2010-08-20 20:55 . 2010-06-17 18:30 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\WMM2EXT.dll
+ 2009-09-18 10:29 . 2009-04-11 06:28 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\WMM2EXT.dll
+ 2010-08-20 20:55 . 2010-06-17 17:24 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\WMM2EXT.dll
+ 2006-11-02 12:36 . 2006-11-02 12:36 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\WMM2EXT.dll
+ 2010-08-20 20:54 . 2010-06-16 14:01 31232 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22425_none_887cb1b81bbc94f9\tcpipreg.sys
+ 2010-08-20 20:55 . 2010-06-26 06:48 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23040_none_a9180e0d8d84c714\iesetup.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23040_none_a9180e0d8d84c714\iernonce.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18943_none_a8919be474643d34\iesetup.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18943_none_a8919be474643d34\iernonce.dll
+ 2010-08-20 20:55 . 2010-06-26 05:12 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.23040_none_df9547f309cd816b\msfeedssync.exe
+ 2010-08-20 20:55 . 2010-06-26 06:49 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.23040_none_df9547f309cd816b\msfeedsbs.dll
+ 2010-08-20 20:55 . 2010-06-26 04:24 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18943_none_df0ed5c9f0acf78b\msfeedssync.exe
+ 2010-08-20 20:55 . 2010-06-26 06:03 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18943_none_df0ed5c9f0acf78b\msfeedsbs.dll
+ 2010-08-20 20:55 . 2010-06-26 06:51 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23040_none_e5304c66d0de8f8c\WininetPlugin.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23040_none_e5304c66d0de8f8c\jsproxy.dll
+ 2010-08-20 20:55 . 2010-06-26 06:05 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18943_none_e4a9da3db7be05ac\WininetPlugin.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18943_none_e4a9da3db7be05ac\jsproxy.dll
+ 2008-01-21 01:58 . 2010-08-21 13:09 61828 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-08-21 13:09 85254 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-08-20 16:38 85254 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-27 19:23 . 2010-08-21 13:09 13496 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972471545-778204691-3294514810-1000_UserData.bin
+ 2010-08-20 20:55 . 2010-06-26 04:24 13312 c:\windows\System32\msfeedssync.exe
- 2010-06-10 04:36 . 2010-05-04 04:30 13312 c:\windows\System32\msfeedssync.exe
- 2010-06-10 04:36 . 2010-05-04 05:56 55296 c:\windows\System32\msfeedsbs.dll
+ 2010-08-20 20:55 . 2010-06-26 06:03 55296 c:\windows\System32\msfeedsbs.dll
+ 2010-08-20 20:55 . 2010-06-26 06:05 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2010-06-10 04:36 . 2010-05-04 05:59 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2010-06-10 04:36 . 2010-05-04 05:55 25600 c:\windows\System32\jsproxy.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 25600 c:\windows\System32\jsproxy.dll
- 2010-06-10 04:36 . 2010-05-04 05:55 55808 c:\windows\System32\iernonce.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 55808 c:\windows\System32\iernonce.dll
- 2010-08-20 16:24 . 2010-08-20 16:24 24898 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-08-21 12:59 . 2010-08-21 12:59 24898 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2008-09-27 19:10 . 2010-08-21 13:00 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-27 19:10 . 2010-08-20 16:25 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-09 02:20 . 2010-08-19 16:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-09 02:20 . 2010-08-20 18:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-09 02:20 . 2010-08-19 16:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 02:20 . 2010-08-20 18:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-09 02:20 . 2010-08-19 16:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-09 02:20 . 2010-08-20 18:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 21:30 . 2010-08-20 16:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 21:30 . 2010-08-21 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 21:30 . 2010-08-21 13:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-04 21:30 . 2010-08-20 16:25 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 21:30 . 2010-08-21 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 21:30 . 2010-08-20 16:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-13 22:26 . 2010-07-15 07:01 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-05 22:46 . 2010-06-10 04:44 35088 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-05 22:46 . 2010-08-21 07:01 35088 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-05 22:46 . 2010-08-21 07:01 18704 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-05 22:46 . 2010-06-10 04:44 18704 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-05 22:46 . 2010-06-10 04:44 20240 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-05 22:46 . 2010-08-21 07:01 20240 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-09-25 19:28 . 2010-08-21 07:03 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
- 2008-09-25 19:28 . 2009-06-12 07:04 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2010-08-21 07:26 . 2010-08-21 07:26 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\55c8436ffe7fbe8c883b6b415ebe6e5d\WindowsLiveWriter.ni.exe
+ 2010-08-21 07:26 . 2010-08-21 07:26 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\256592098fd545ebc4e3476e545efebf\WindowsLive.Writer.Api.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 45056 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\9ad600efcd878e63f79a67f9d23da248\UIXControls.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\cf552934b75cb6b61f08e3354af8ab38\UIAutomationProvider.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f393e672479ce6ba2f7dfb5e4f3116b7\System.Windows.Presentation.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5cd985c876a7bffc61898614694059c\System.Web.DynamicData.Design.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\04bea9cca189a163d0c16e891ad2fdc8\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\a899daa177f7bf5c6958dc5969e3a3de\System.AddIn.Contract.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\e6acb23a203e892f501d0924fcc12f2c\stdole.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\156b0418acf284f30f7602a8378b52fd\PresentationFontCache.ni.exe
+ 2010-08-21 07:27 . 2010-08-21 07:27 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5d23c64bac1fd4b0b2bcb1b9d83e6cf6\PresentationCFFRasterizer.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\b8c20b6ea36a8097e743cd22a16de151\napcrypt.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\008cd7119d80616a98d0db1c5a516415\Microsoft.WSMan.Runtime.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\c648ec7ca268d909186339d7002c0810\Microsoft.Vsa.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\8133699911f51e80280dfeab3e5d7ab4\Microsoft.VisualC.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a356e8fb2f59ff46079840306184cbcb\Microsoft.Build.Framework.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\3c2132d7b78b099112e669342aff5524\Microsoft.Build.Framework.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\406368ba3f73633200eea9195292a828\loadmxf.ni.exe
+ 2010-08-21 07:26 . 2010-08-21 07:26 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\5602e95333639ce92b0dd1ea5d7fde7a\ehiUserXp.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\a46cac19a4d8b6b690fdf79b3617f292\ehiReplay.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\4c5668bbcf91950113bf75e5a31a4dc4\ehiExtCOM.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\a5996401de2fe555bf9f1a3356603c62\ehExtCOM.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\1885a95e9314f393e86670da9930e08f\dfsvc.ni.exe
+ 2010-08-21 07:25 . 2010-08-21 07:25 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2565dad071661e3881888abd594e9e9d\Accessibility.ni.dll
+ 2010-08-20 20:55 . 2010-06-11 16:31 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22422_none_8acabb6dad2870a4\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8\msxml3r.dll
+ 2010-08-20 20:55 . 2010-06-11 15:25 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22709_none_8900eb63afeb94ff\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18490_none_880cf8e6971f1251\msxml3r.dll
+ 2010-08-21 12:59 . 2010-08-21 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-20 16:25 . 2010-08-20 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-20 16:25 . 2010-08-20 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-21 12:59 . 2010-08-21 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-20 20:55 . 2010-05-19 11:41 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.22409_none_fcfd41ec14d22069\SOS.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.18260_none_13d1b793fb247173\SOS.dll
+ 2010-08-20 20:55 . 2010-05-19 11:39 989016 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.22409_none_142efa2b20dd4454\mscordacwks.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 989016 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.18260_none_2b036fd3072f955e\mscordacwks.dll
+ 2010-08-20 20:55 . 2010-05-28 16:14 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.22414_none_6f0c0c64eeb82f1d\ir32_32.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.18263_none_6e4b5dcdd5c4048a\ir32_32.dll
+ 2010-08-20 20:55 . 2010-05-27 19:11 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.22702_none_6d2e69d4f18b8b5a\ir32_32.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.18483_none_6c4f4a27d8adea21\ir32_32.dll
+ 2010-08-20 20:54 . 2010-06-16 16:39 912776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
+ 2010-08-20 20:54 . 2010-06-16 16:04 905088 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
+ 2010-08-20 20:54 . 2010-06-16 15:55 902032 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
+ 2010-08-20 20:54 . 2010-06-16 15:59 898952 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
+ 2010-08-20 20:55 . 2010-06-18 15:14 145408 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.22427_none_dc4e15b40cc980e1\srv2.sys
+ 2010-08-20 20:55 . 2010-06-18 15:04 144896 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.18274_none_db8b6688f3d723a0\srv2.sys
+ 2010-08-20 20:55 . 2010-06-18 14:51 145408 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.22715_none_da7073240f9cdd1e\srv2.sys
+ 2010-08-20 20:55 . 2010-06-18 14:43 144896 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.18495_none_d990532cf6c0228e\srv2.sys
+ 2010-08-20 20:55 . 2010-06-18 15:14 303104 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.22427_none_dc58e5a00cc164f0\srv.sys
+ 2010-08-20 20:55 . 2010-06-18 15:04 302080 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.18274_none_db963674f3cf07af\srv.sys
+ 2010-08-20 20:55 . 2010-06-18 14:51 303104 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22715_none_da7b43100f94c12d\srv.sys
+ 2010-08-20 20:55 . 2010-06-18 14:43 302080 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18495_none_d99b2318f6b8069d\srv.sys
+ 2010-08-20 20:55 . 2010-06-11 16:33 275456 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22422_none_2472c5e16b952529\schannel.dll
+ 2010-08-20 20:55 . 2010-06-11 16:16 274944 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18269_none_23c4e9865291a95d\schannel.dll
+ 2010-08-20 20:55 . 2010-06-11 15:26 274944 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22709_none_22a8f5d76e584984\schannel.dll
+ 2010-08-20 20:55 . 2010-06-11 15:31 274432 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18490_none_21b5035a558bc6d6\schannel.dll
+ 2010-08-20 20:54 . 2010-06-16 15:11 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\IKEEXT.DLL
+ 2010-08-20 20:54 . 2010-06-16 15:10 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\FWPUCLNT.DLL
+ 2010-08-20 20:54 . 2010-06-16 15:09 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\BFE.DLL
+ 2010-08-20 20:54 . 2010-06-16 15:55 220040 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22713_none_571d45f6ce707e09\netio.sys
+ 2010-08-20 20:55 . 2010-06-17 18:30 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\WMM2AE.dll
+ 2010-08-20 20:55 . 2010-06-17 16:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\MOVIEMK.exe
+ 2009-09-18 10:29 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\WMM2AE.dll
+ 2010-08-20 20:55 . 2010-06-17 16:16 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\MOVIEMK.exe
+ 2010-08-20 20:55 . 2010-06-17 17:24 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\WMM2AE.dll
+ 2010-08-20 20:55 . 2010-06-17 16:03 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\MOVIEMK.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\WMM2AE.dll
+ 2010-08-20 20:55 . 2010-06-17 15:49 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\MOVIEMK.exe
+ 2010-08-20 20:55 . 2010-06-26 06:48 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23040_none_47e9c588dd2a86ef\ieui.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18943_none_4763535fc409fd0f\ieui.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.23040_none_fed972b9e90803d9\iesysprep.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18943_none_fe530090cfe779f9\iesysprep.dll
+ 2010-08-20 20:55 . 2010-06-26 05:13 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23040_none_a9180e0d8d84c714\ie4uinit.exe
+ 2010-08-20 20:55 . 2010-06-26 04:24 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18943_none_a8919be474643d34\ie4uinit.exe
+ 2010-08-20 20:55 . 2010-06-26 06:51 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23040_none_2aeb0342bb8fade9\sqmapi.dll
+ 2010-08-20 20:55 . 2010-06-26 06:05 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18943_none_2a649119a26f2409\sqmapi.dll
+ 2010-08-20 20:55 . 2010-06-26 06:50 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.23040_none_1a6dc115432e9357\occache.dll
+ 2010-08-20 20:55 . 2010-06-26 06:04 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18943_none_19e74eec2a0e0977\occache.dll
+ 2010-08-20 20:55 . 2010-06-26 06:52 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
+ 2010-08-20 20:55 . 2010-06-26 05:13 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\ieUnatt.exe
+ 2010-08-20 20:55 . 2010-06-26 06:06 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
+ 2010-08-20 20:55 . 2010-06-26 04:25 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\ieUnatt.exe
+ 2010-08-20 20:55 . 2010-06-26 06:48 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.23040_none_2ad488dec9448079\IEShims.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18943_none_2a4e16b5b023f699\IEShims.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.23040_none_73763d48799c1a0b\ieproxy.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18943_none_72efcb1f607b902b\ieproxy.dll
+ 2010-08-20 20:55 . 2010-06-26 06:49 599040 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.23040_none_432de3356981e244\msfeeds.dll
+ 2010-08-20 20:55 . 2010-06-26 06:03 599040 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18943_none_42a7710c50615864\msfeeds.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 743424 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.23040_none_1eec65b96ee1dbcd\iedvtool.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 743424 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18943_none_1e65f39055c151ed\iedvtool.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.23040_none_200add98211957ee\iepeers.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18943_none_1f846b6f07f8ce0e\iepeers.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.23040_none_5797c5628688b053\iedkcs32.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18943_none_571153396d682673\iedkcs32.dll
+ 2010-08-20 20:55 . 2010-06-26 06:51 919040 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23040_none_e5304c66d0de8f8c\wininet.dll
+ 2010-08-20 20:55 . 2010-06-26 06:05 916480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18943_none_e4a9da3db7be05ac\wininet.dll
+ 2010-08-20 20:55 . 2010-06-26 06:49 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.23040_none_c40cff8dab7e2868\mstime.dll
+ 2010-08-20 20:55 . 2010-06-26 06:03 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18943_none_c3868d64925d9e88\mstime.dll
+ 2006-11-02 10:33 . 2010-08-21 13:07 643112 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-20 16:32 643112 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-20 16:32 120044 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-08-21 13:07 120044 c:\windows\System32\perfc009.dat
- 2010-06-10 04:36 . 2010-05-04 05:58 206848 c:\windows\System32\occache.dll
+ 2010-08-20 20:55 . 2010-06-26 06:04 206848 c:\windows\System32\occache.dll
+ 2010-08-20 20:55 . 2010-06-26 06:03 611840 c:\windows\System32\mstime.dll
- 2010-06-10 04:36 . 2010-05-04 05:56 611840 c:\windows\System32\mstime.dll
- 2010-06-10 04:36 . 2010-05-04 05:56 599040 c:\windows\System32\msfeeds.dll
+ 2010-08-20 20:55 . 2010-06-26 06:03 599040 c:\windows\System32\msfeeds.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 164352 c:\windows\System32\ieui.dll
- 2010-06-10 04:36 . 2010-05-04 05:55 164352 c:\windows\System32\ieui.dll
- 2010-06-10 04:36 . 2010-05-04 05:55 184320 c:\windows\System32\iepeers.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 184320 c:\windows\System32\iepeers.dll
- 2010-06-10 04:36 . 2010-05-04 05:55 387584 c:\windows\System32\iedkcs32.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 387584 c:\windows\System32\iedkcs32.dll
- 2010-06-10 04:36 . 2010-05-04 04:30 173056 c:\windows\System32\ie4uinit.exe
+ 2010-08-20 20:55 . 2010-06-26 04:24 173056 c:\windows\System32\ie4uinit.exe
+ 2009-02-01 16:25 . 2010-08-21 07:21 278528 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-01 16:25 . 2010-08-20 15:38 278528 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2008-09-27 19:10 . 2010-08-21 13:00 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-27 19:10 . 2010-08-20 16:25 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 08:00 . 2009-09-04 06:59 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-13 22:26 . 2010-07-15 07:01 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-05 22:46 . 2010-08-21 07:01 217864 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-05 22:46 . 2010-06-10 04:44 217864 c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\misc.exe
+ 2008-09-25 19:28 . 2010-08-21 07:03 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2008-09-25 19:28 . 2009-06-12 07:04 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2008-09-25 19:28 . 2010-08-21 07:03 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2008-09-25 19:28 . 2009-06-12 07:04 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
+ 2008-09-25 19:28 . 2010-08-21 07:03 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
- 2008-09-25 19:28 . 2009-06-12 07:04 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-11-28 10:33 . 2007-11-28 10:33 173408 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll
+ 2007-11-28 10:34 . 2007-11-28 10:34 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll
+ 2007-11-28 10:34 . 2007-11-28 10:34 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96e88a5f9dbbcfdb736568e69d43cff9\WsatConfig.ni.exe
+ 2010-08-21 07:26 . 2010-08-21 07:26 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\8ba6f84456635e008c28c42260b5b420\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e55e8408fcfc1d5e586497b1d1fe9b52\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d7a5322c914d88f9e822257bc4a5cbbd\WindowsLive.Writer.Controls.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cecd5f79243d9ecf3917df61ab9543a4\WindowsLive.Writer.Interop.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c9d53c7601095d22f96d9c6004b56bd3\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1f1d5a93c6bcd8ae4c4ba9115debe67\WindowsLive.Writer.Localization.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a3064427d9b06b587e992cfce6371508\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83cb0f4707e5f2624e5c8702e733380c\WindowsLive.Writer.Passport.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\35b59a388e40aa0376ce0f03ce09944e\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2d0598d6be5ec5a6894d70d1d6c583b7\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\26cf558b4e37ebf4a8eb5d2452201889\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\221051a5eaf6c202f9b93d09b1d14aff\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1eb52b90f9f30add6ac3f0ee9004ea5b\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\199063f3fe3edfbdd9a53740d1fb3716\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\13c6954ee73703b9c2f4ac6bd030e658\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0241978dbb06026736d184af8cc331f2\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\943119b16c4125f4b67414a2952d4583\WindowsLive.Client.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\60ecc5c53d5ba77c9c40d01e5af58246\WindowsFormsIntegration.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\9df5076cb69aeb3101fd624ad4f499b0\UIAutomationTypes.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a45d53185f7690a65a8c1bb758f14d40\UIAutomationClient.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\282b33969e987f3c2dafaa2e5c5f728b\TaskScheduler.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\5fc514748fdde7be8871044e0102f208\System.Xml.Linq.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\07efa566dfb7e3367085d310e55f677f\System.Web.Routing.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\7735dbcd7f5280a01ec1e9ebfbfd9564\System.Web.RegularExpressions.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\cb9bb30db142c3f856202fae6efd755d\System.Web.Extensions.Design.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\309dc95f10521331d7813e54946d164d\System.Web.Entity.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3bbf6be655c227fed53b4d7c1758b741\System.Web.Entity.Design.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2598e27d1f0d6cf86b1f2ea605379b49\System.Web.DynamicData.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\371304d76734059d69e93c7c7c5f3f87\System.Web.Abstractions.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9f38a2b0adadce82d09209811af4043e\System.Transactions.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\33891c1f2a8120a3b7bb463cc6f97438\System.ServiceProcess.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\b5d2d15c9453a01b8761bf19afd1ccb6\System.Security.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e6beeb0283ef0a1e2c1b65fa05bf2876\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6c2e750e360af7a54a6713cf66920869\System.Runtime.Remoting.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a151e0db5d00543aecc4eaae05d8c7b1\System.Net.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\dab204b4ba2212740f4c0f1563f37696\System.Messaging.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\7187abb11454f0dece04ed04dea43929\System.Management.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4aead7d6a1a6ab1c9e73c6c5f0dc8c1b\System.Management.Instrumentation.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\937481e0aef42993453207c3a0f8bc55\System.IO.Log.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\96102bf56b1e4d8924eac8818ea68820\System.IdentityModel.Selectors.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\32e6bf88bb0dcdad040abc8ad97cab83\System.EnterpriseServices.Wrapper.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\32e6bf88bb0dcdad040abc8ad97cab83\System.EnterpriseServices.ni.dll
+ 2010-08-21 07:23 . 2010-08-21 07:23 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\373c6551ad640a1de178a5f7becd41fd\System.Drawing.Design.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a96524c7c097d56fcc70dd505debcc1d\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\51747c9fabada4a2f0c4def76613c6cd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\eed47170f4b867402cbb44915f45f298\System.Data.Services.Design.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3097f90ab5e29e5eb0d8c433000acf16\System.Data.Services.Client.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6c294d7fba114025a3f4f330cf541c7e\System.Data.Entity.Design.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\e404c37e48fe5eafa395333520045a24\System.Data.DataSetExtensions.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5904e3d51b6d7628ed01c0f5345e5ff6\System.Configuration.Install.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b56f5ff3e814e0a4e83231153cde0d0e\System.AddIn.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\aa85f92b421a8ca0af79b376f37e51fb\sysglobl.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3229c727887ebc9f4065e0cd12d05e2d\SMSvcHost.ni.exe
+ 2010-08-21 07:26 . 2010-08-21 07:26 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\93c834845cbbddae777d614b2d0f8f95\SMDiagnostics.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\70e0d7f2c857c3566aa82053c199e696\ServiceModelReg.ni.exe
+ 2010-08-21 07:22 . 2010-08-21 07:22 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bc66d228134a22312c0e1b66dedb6355\PresentationFramework.Royale.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6d23ebf0175664d7a8579e2762cae3d0\PresentationFramework.Luna.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60e971a87bbff522188ae9c6985f40b9\PresentationFramework.Aero.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2748627bab39e441420b5cdf329c6be1\PresentationFramework.Classic.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2f105c5bb0901401129bf03e8e71cc94\napsnap.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\974e310546d192d00c5fd8b1f9650e79\napinit.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\61baa41cfd0504ef33ec7e13df3c170d\naphlpr.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2a571636031f617332a0abbaf5c3f084\MSBuild.ni.exe
+ 2010-08-21 07:27 . 2010-08-21 07:27 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\d986a5602301ae525f12aab511e93c4e\MMCFxCommon.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a7e186f3f4cd626f3bb351d03488dbc2\Microsoft.WSMan.Management.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 863744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\cc100d187d00c620166413c96f91f3c4\Microsoft.Web.Authoring.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\28d7f58060857b4cf2c63be26048cb65\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eaee53b7d427502889a212b816ef1bd9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e64e0bfc4bb5ba177e140ea118bba1d5\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a528421be3cedbafeeae95b7e9491320\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a9afa1596f09efb40ee219ca55f88e6\Microsoft.PowerShell.Security.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\62c2d83ee6b7c341a7bbfba0ab33b560\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 227840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\9c02ac74b4f52ae5cf0f2660be7810be\Microsoft.MediaCenter.Shell.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 659968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5a227376c67a644a05e9154d3d850b2d\Microsoft.MediaCenter.Sports.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\15ee9ad3f763e25098d89605ba99702c\Microsoft.MediaCenter.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6f1906228f69deb64dd61d0e5131e503\Microsoft.ManagementConsole.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6c824af5aeae3dd7beb68403481e4067\Microsoft.Build.Utilities.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\287c1915da744bdf10ec4feb443d17cb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\b6fc09b42edaabcc0f8f6ed5cd825736\Microsoft.Build.Engine.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9684b6d4d7467b94b04faf8e477bab0f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\c3c8102a4cbdea2ab1aa4d89bf86ed92\Mcx2Dvcs.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 254976 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\f07dac825e440c785869077bb7dcefed\mcupdate.ni.exe
+ 2010-08-21 07:27 . 2010-08-21 07:27 225280 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\45534af3333fa890ea204a596ae1e5e6\mcstoredb.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 642560 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\591041993cfe14fe8dcbea7d2081908f\mcstore.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\dbb5ef49b7916ce0a2cf60ff3afb5e70\EventViewer.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 103936 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\132b716b550c2dc96f34cdf14ed8317a\ehiWUapi.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 338432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\b5f6733da0da72ead97a0f58e1b40df1\ehiwmp.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 797696 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\0804b988efb74339c7d05caec7d6a174\ehiVidCtl.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 965632 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\d51895c8f10f165aa7d9d2cdb7dc0083\ehiProxy.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 565760 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\da82144c320425d06fa6ea20372cf368\ehiPlay.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\42a72017d8679378086420169f6ab2d6\ehiExtens.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\f1081a83479e0a0abedc41b910a01138\ehExtHost.ni.exe
+ 2010-08-21 07:26 . 2010-08-21 07:26 305152 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\a2fc62ad63f3c13b83b6006db80641bd\ehepgdat.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\9fc65e7d119c6abccc56530451a61e5c\ehCIR.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\df51961ed496f46601dd0bb255a31161\CustomMarshalers.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\7212937280ee06b0ef45b41651516be8\ComSvcConfig.ni.exe
+ 2010-08-21 07:25 . 2010-08-21 07:25 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\ba32856173defc992995032a2c8fe78b\BDATunePIA.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c36ac9c6cd9b8d58c34fa0c965770c18\AspNetMMCExt.ni.dll
+ 2010-08-20 20:55 . 2010-05-19 11:41 5819728 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.22409_none_1b6ad74448dc3881\mscorwks.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 5813072 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.18260_none_323f4cec2f2e898b\mscorwks.dll
+ 2010-08-20 20:55 . 2010-05-19 11:39 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.22409_none_b0c40856db54d3fc\mscorlib.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.18260_none_c7987dfec1a72506\mscorlib.dll
+ 2010-08-20 20:55 . 2010-06-21 13:47 2045952 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22428_none_bb55f649b0d3b032\win32k.sys
+ 2010-08-20 20:55 . 2010-06-21 13:37 2037760 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18275_none_ba93471e97e152f1\win32k.sys
+ 2010-08-20 20:55 . 2010-06-21 13:25 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22716_none_b97853b9b3a70c6f\win32k.sys
+ 2010-08-20 20:55 . 2010-06-21 13:18 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18496_none_b89833c29aca51df\win32k.sys
+ 2010-08-20 20:55 . 2010-06-08 18:04 3550600 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntoskrnl.exe
+ 2010-08-20 20:55 . 2010-06-08 18:04 3601792 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntkrnlpa.exe
+ 2010-08-20 20:55 . 2010-06-08 17:35 3548040 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntoskrnl.exe
+ 2010-08-20 20:55 . 2010-06-08 17:35 3600768 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntkrnlpa.exe
+ 2010-08-20 20:55 . 2010-06-08 16:47 3548552 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntoskrnl.exe
+ 2010-08-20 20:55 . 2010-06-08 16:47 3600784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntkrnlpa.exe
+ 2010-08-20 20:55 . 2010-06-08 17:00 3545992 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntoskrnl.exe
+ 2010-08-20 20:55 . 2010-06-08 17:00 3598216 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntkrnlpa.exe
+ 2010-08-20 20:55 . 2010-06-11 16:31 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22422_none_8acabb6dad2870a4\msxml3.dll
+ 2010-08-20 20:55 . 2010-06-11 16:15 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8\msxml3.dll
+ 2010-08-20 20:55 . 2010-06-11 15:25 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22709_none_8900eb63afeb94ff\msxml3.dll
+ 2010-08-20 20:55 . 2010-06-11 15:30 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18490_none_880cf8e6971f1251\msxml3.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 1987072 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23040_none_2aeb0342bb8fade9\iertutil.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 1986560 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18943_none_2a649119a26f2409\iertutil.dll
+ 2010-08-20 20:55 . 2010-06-26 06:49 5954560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23040_none_f68a6b855134f8c2\mshtml.dll
+ 2010-08-20 20:55 . 2010-06-26 06:03 5951488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18943_none_f603f95c38146ee2\mshtml.dll
+ 2010-08-20 20:55 . 2010-06-26 06:51 1211904 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.23040_none_982a70c505d568f9\urlmon.dll
+ 2010-08-20 20:55 . 2010-06-26 06:05 1210368 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18943_none_97a3fe9becb4df19\urlmon.dll
+ 2010-08-20 20:55 . 2010-06-26 06:05 1210368 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2010-08-19 17:05 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-08-21 07:19 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-08-20 20:55 . 2010-06-26 06:03 5951488 c:\windows\System32\mshtml.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 1986560 c:\windows\System32\iertutil.dll
+ 2006-11-02 12:47 . 2010-08-21 07:21 1771864 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2010-06-10 05:01 1771864 c:\windows\System32\FNTCACHE.DAT
- 2008-09-27 19:10 . 2010-08-20 16:25 2064384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-27 19:10 . 2010-08-21 13:00 2064384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 12:47 . 2010-08-21 07:21 4296665 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2010-05-09 15:26 4296665 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2010-08-20 20:55 . 2010-05-21 10:56 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2009-12-11 08:00 . 2009-09-04 06:58 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-07-09 21:28 . 2010-07-09 21:28 2151424 c:\windows\Installer\3213c65.msp
+ 2010-07-26 20:00 . 2010-07-26 20:00 5010944 c:\windows\Installer\3213c51.msp
+ 2010-07-11 00:14 . 2010-07-11 00:14 2850816 c:\windows\Installer\3213c2f.msp
+ 2010-05-13 22:26 . 2010-08-21 07:02 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-05-13 22:26 . 2010-08-21 07:02 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2010-05-13 22:26 . 2010-07-15 07:01 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-09-25 19:28 . 2010-08-21 07:03 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-09-25 19:28 . 2009-06-12 07:04 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-09-25 19:28 . 2009-06-12 07:04 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2008-09-25 19:28 . 2010-08-21 07:03 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2007-11-28 10:33 . 2007-11-28 10:33 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2010-08-21 07:29 . 2010-08-21 07:29 3671040 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\c97cb8bf268ca692ed528d4039278600\ZuneShell.ni.dll
+ 2010-08-21 07:29 . 2010-08-21 07:29 2179584 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\16e97724764964966eab85923e11d548\ZuneDBApi.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c5bffeeea9d8b8320db860253467c875\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a93190b54d7248e1118344f2009648cf\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ad48f22f6af91301b9209862ac8e3ad\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c7397dc3e95ddda32dd9ad6c3ce38019\WindowsBase.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 4542976 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\21ba34da325f24de54c875a0da576721\UIX.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 1831936 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\34a6299ebd72893ced977cc6768861ad\UIX.RenderApi.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f599411410c58b574703eb522bc318e\UIAutomationClientsideProviders.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
+ 2010-08-21 07:23 . 2010-08-21 07:23 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c2f18081b5d836e6231fd79b684a6f86\System.WorkflowServices.ni.dll
+ 2010-08-21 07:23 . 2010-08-21 07:23 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\dd88f37f1c35c4c449dbbdacb8c5dccc\System.Workflow.Runtime.ni.dll
+ 2010-08-21 07:23 . 2010-08-21 07:23 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\04a684bdfb5938f0052650cb253983bf\System.Workflow.ComponentModel.ni.dll
+ 2010-08-21 07:23 . 2010-08-21 07:23 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\77e3806584727e882dd8f0d04beb2abe\System.Workflow.Activities.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2479988f1fa243fe4b9c8b261620191d\System.Web.Services.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7f1540fb7e3f32852e885e54e032d3cb\System.Web.Mobile.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1092e6f0382fd93a027cd450466971b1\System.Web.Extensions.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\f030a2f4334cf1d2cd15f6f0c79985ae\System.Speech.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\cf2b1dc50e5b12378dcc342ecb1f4624\System.ServiceModel.Web.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ea3e8cee7c10a120515149a633a7a2de\System.Runtime.Serialization.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\8a321bc80e196ea1a25ecc4c0ce12568\System.Printing.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\70e9376b793bc8e1762db1ab8308b895\System.Management.Automation.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\7000f5568c75ad5357d7d443e265456b\System.IdentityModel.ni.dll
+ 2010-08-21 07:23 . 2010-08-21 07:23 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9f571d6b546818ce10a382f55137eaa7\System.DirectoryServices.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7fe837b36e9ba44dcee7b5465d17282e\System.Deployment.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\cc009a955f4b35c344c2f9aaf453f329\System.Data.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7916ad24cf12bd19b73abefe981a0e30\System.Data.SqlXml.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\0c5f04a4016dfaa3ac079f34bfaaf28b\System.Data.Services.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\fb8da45f3873169a502db3cb492b25a0\System.Data.OracleClient.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\94d9826184cb0d2772324c098814d218\System.Data.Linq.ni.dll
+ 2010-08-21 07:28 . 2010-08-21 07:28 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\17e7810a55cc31245af28625d1d8c666\System.Data.Entity.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f6e32268d4b0127287d722e41bb6b58b\System.Core.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c56cdd40df48edbfeb58f11f8ef023b9\ReachFramework.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\c0ae6dcf0d17a79db705a0cf01c8d301\PresentationUI.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\85dfa2585edc672cf9d66573de4ca266\PresentationBuildTasks.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\de94a577713ca374c08d2512d69e1643\Narrator.ni.exe
+ 2010-08-21 07:27 . 2010-08-21 07:27 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a301ed86595ddc85b07e4aab9cf4e251\MMCEx.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\3b25fb301c8ebd1da13b7769f6c6678e\MIGUIControls.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1602048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Desig#\1eb247cc49581ed6e3724397c2302435\Microsoft.Web.Design.Client.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2a92f46eb0e385a2eafd9b92ad0bedf4\Microsoft.VisualBasic.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\20ec66c02bbe2d66bfecb98b95394e02\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cdf8b7a90cc86fb3b4bb866b75d44f52\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3ff96258401faa3528524f124ac2f4e6\Microsoft.PowerShell.Editor.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0889ae9a52278774b2c0595ecc30c064\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\0cf5f49c556724a4506e989775020925\Microsoft.MediaCenter.UI.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\bca1f9fffa3059a8c36db7c1cd78ba8e\Microsoft.JScript.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\e2191bf9847c0a0af1410ff266678957\Microsoft.Ink.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a6f49ce5533655922d675c3c957106c8\Microsoft.Build.Tasks.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\95d9b86433cabf54e4a7de11daa91030\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\00969e3f4559c1a79394b1170e158cbb\Microsoft.Build.Engine.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 1732608 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\34109895a5e9a9d3350e5662f1020279\ehRecObj.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 2130432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\4f4ff2af819d88ddf166a5d98417686e\ehepg.ni.dll
- 2009-12-11 08:00 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-20 20:55 . 2010-05-21 10:56 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-20 20:55 . 2010-07-26 18:04 11587072 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll
+ 2010-08-20 20:55 . 2010-07-26 15:51 11584512 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll
+ 2010-08-20 20:55 . 2010-07-26 16:56 11586560 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll
+ 2010-08-20 20:55 . 2010-07-26 16:55 11581440 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll
+ 2010-08-20 20:55 . 2010-06-17 18:27 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\MOVIEMK.dll
+ 2010-08-20 20:55 . 2010-06-17 18:08 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\MOVIEMK.dll
+ 2010-08-20 20:55 . 2010-06-17 17:22 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\MOVIEMK.dll
+ 2010-08-20 20:55 . 2010-06-17 17:15 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\MOVIEMK.dll
+ 2010-08-20 20:55 . 2010-06-26 06:48 11078656 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23040_none_47e9c588dd2a86ef\ieframe.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 11077120 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18943_none_4763535fc409fd0f\ieframe.dll
+ 2010-08-20 20:55 . 2010-07-26 15:51 11584512 c:\windows\System32\shell32.dll
+ 2010-08-20 20:55 . 2010-06-26 06:02 11077120 c:\windows\System32\ieframe.dll
+ 2010-07-11 00:06 . 2010-07-11 00:06 10120192 c:\windows\Installer\3213c1a.msp
+ 2010-08-21 07:23 . 2010-08-21 07:23 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll
+ 2010-08-21 07:25 . 2010-08-21 07:25 11801088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e1ea6e4d25161658e08fc8d2fa64ec73\System.Web.ni.dll
+ 2010-08-21 07:26 . 2010-08-21 07:26 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d1cad83b4223917ed45765ee942dc824\System.ServiceModel.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7964468060d9f7a9b177eb1c6827936a\System.Design.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c87cc40b22b2b014f9c0ade54773b6ea\PresentationFramework.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e53b9c43b17c02a75f2358a24047dd52\PresentationCore.ni.dll
+ 2010-08-21 07:22 . 2010-08-21 07:22 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
+ 2010-08-21 07:27 . 2010-08-21 07:27 11588096 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\533e0c125f72bccb38eac041552250bb\ehshell.ni.dll
+ 2009-06-03 07:00 . 2010-08-21 07:03 112757654 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" [2010-02-28 3207072]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-11-18 4269296]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\Panfilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-18 575488]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-25 19:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Panfilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\users\Panfilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,2a,06,4d,92,79,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-08-22 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-08-22 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-08-22 235616]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate1c9c1d52ef27fe8;Google Update Service (gupdate1c9c1d52ef27fe8);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 133104]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 16:29]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 16:29]

2010-08-20 c:\windows\Tasks\User_Feed_Synchronization-{DED468D6-25F1-4080-B2E6-6ACE4BED1E53}.job
- c:\windows\system32\msfeedssync.exe [2010-08-20 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsig ... &mkt=en-US
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Panfilo\AppData\Roaming\Mozilla\Firefox\Profiles\141y560w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://nzbmatrix.com/|http://www22.veri ... Login.aspx
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 09:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3972471545-778204691-3294514810-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,1e,d5,42,32,33,63,b3,05,67,4f,65,e4,a4,ae,0f,eb,67,9d,4b,9a,
4e,c2,0a,c2,74,c5,aa,1d,0a,13,f8,48,11,3d,02,88,5b,c9,e6,1f,c1,60,9b,04,32,\
"rkeysecu"=hex:f0,dd,eb,6d,51,1d,46,4f,14,d9,3b,30,72,fc,5f,63
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
q:\140062.enu\Office14\MSOSYNC.EXE
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
q:\140062.enu\Office14\ONENOTEM.EXE
c:\program files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
.
**************************************************************************
.
Completion time: 2010-08-21 09:10:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 13:10
ComboFix2.txt 2010-08-20 16:40

Pre-Run: 330,008,756,224 bytes free
Post-Run: 329,894,432,768 bytes free

- - End Of File - - CF461D014564AE8B2BAD88EB6BBDEEA9
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 21st, 2010, 10:02 am

No longer getting redirected when doing searches and windows updates is working. Thanks you for your help!

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:58 AM, on 8/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
Q:\140062.enu\Office14\MSOSYNC.EXE
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... &mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006204090000"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; OfficeLiveConnector.1.2; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?dwin=1&id=jigsawpuzzles"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... taller.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-us.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9785 bytes
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am

Re: Windows update error - redirected from web search links

Unread postby Cypher » August 21st, 2010, 10:16 am

Hi psanchez65.
Thanks you for your help!

You're welcome.
Ok things look good so far but we need to get some updates done then get one more scan to check for leftovers.

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Post a New HJT Log
  • Start HijackThis.
  • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
  • When completed...Notepad will open with the new "hijackthis.log" file contents.
  • Copy/paste the entire (hijackthis.log) file contents in your next reply.

Next.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Java(TM) 6 Update 7

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 21.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Due to the vulnerabilities in earlier versions all versions numbered lower than 9.3.3 are vulnerable.
  • Go Here to download the installer for Adobe Reader and save AdbeRdrUpd933_all_incr.msp to a convenient location.
    Note! Uncheck Free McAfee® Security Scan Plus (optional)
  • Double-click AdbeRdrUpd933_all_incr.msp and follow the prompts to install Adobe Reader 9.3.3

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.
  • Note: Don't forget to Re-enable it after the below below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • HijackThis log.
  • ESET log.
  • Please give me one more update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows update error - redirected from web search links

Unread postby psanchez65 » August 21st, 2010, 11:22 am

Hello Cypher.

After clicking the Continue button to download Java SE (JRE) 6u21 I got a "Your download transaction cannot be approved. Contact Customer Service." what should I do next.

Here is the HJT Log after the fix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:27 AM, on 8/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\ehome\ehmsas.exe
Q:\140062.enu\Office14\MSOSYNC.EXE
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... &mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006204090000"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; OfficeLiveConnector.1.2; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?dwin=1&id=jigsawpuzzles"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... taller.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-us.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9623 bytes
psanchez65
Regular Member
 
Posts: 19
Joined: August 14th, 2010, 11:54 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware