Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search Engine Results Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Search Engine Results Redirect

Unread postby melboy » April 7th, 2011, 2:16 am

Hi

jtg.1983 wrote:I don't think I'll ever buy a netbook ever again... Emergency discs are an indispensable tool in the internet age.


That limits our options, but we do have options. Combofix has installed the recovery console and there are USB based tools.


Re-run aswMBR

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while the scan will report "Scan finished successfully"
  • You should see the fixMBR button become active.
  • Click to fix the infection & and wait till the scanner reports "Infection fixed successfully"
  • click Save log & save the log to your desktop
  • Click EXIT & REBOOT your Computer immediately.
  • After reboot, copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 7th, 2011, 11:17 pm

Can that be run from safemode, if need be, and retain is effectiveness?
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 7th, 2011, 11:35 pm

Log posted below.... I don't think it worked.

By the by, I'm willing to try whatever you can think of to fix this, regardless of risk. Can't get any worse than it is now. Thanks again for your help, it's most appreciated.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:24:57
-----------------------------
23:24:57.078 OS Version: Windows 5.1.2600 Service Pack 3
23:24:57.078 Number of processors: 2 586 0x1C02
23:24:57.078 ComputerName: KITCHENCPU UserName: Family
23:25:03.484 Initialize success
23:25:19.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:25:19.031 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
23:25:19.062 Disk 0 MBR read successfully
23:25:19.078 Disk 0 MBR scan
23:25:19.140 Disk 0 scanning sectors +312560640
23:25:19.234 Disk 0 scanning C:\WINDOWS\system32\drivers
23:25:36.484 Service scanning
23:25:44.906 Disk 0 trace - called modules:
23:25:45.000 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862fa1ed]<<
23:25:45.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86346ab8]
23:25:45.062 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8635ebb0]
23:25:45.078 \Driver\SahdIa32[0x8636e098] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x862fa1ed
23:25:45.109 Scan finished successfully
23:26:29.125 Disk 0 Windows 501 MBR fixed successfully
23:27:42.328 Disk 0 Windows 501 MBR fixed successfully
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 8th, 2011, 2:33 am

jtg.1983 wrote:Log posted below.... I don't think it worked.

In what way do you not think it worked? Looking at the scan log the MBR fix was successful. Are you still getting redirected? Lets take a look, we still have options. When you boot you should see the option to enter the Recovery Console, let me know if you are able to boot to the Recovery Console. Then do re-run aswMBR as scan only.


aswMBR

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 9th, 2011, 9:42 pm

Still being redirected. When I said I don't believe it worked, my reasoning is as follows... after successfully running aswMBR.exe and selecting "Scan", after "Scan finished successfully" is displayed, I selected "fixMBR" as directed. Upon doing so, no processing occurs, it just instantly displays "Disk 0 Windows 501 MBR fixed successfully"

I'm not overly familiar with the Recovery Console.... it was installed by one of the Anti Malware programs... Upon booting to the recovery console, I find myself confronted with what appears to be an MS DOS prompt of sorts...

C:\WINDOWS\

Except that I can't figure out how to run aswMBR from this console.

** I can't help but notice that one of the available commands form the Recovery console is "FIXMBR"... I don't suppose that could be of any use?

I did run aswMBR again, albeit not from the recovery console. Log is below.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:24:57
-----------------------------
23:24:57.078 OS Version: Windows 5.1.2600 Service Pack 3
23:24:57.078 Number of processors: 2 586 0x1C02
23:24:57.078 ComputerName: KITCHENCPU UserName: Family
23:25:03.484 Initialize success
23:25:19.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:25:19.031 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
23:25:19.062 Disk 0 MBR read successfully
23:25:19.078 Disk 0 MBR scan
23:25:19.140 Disk 0 scanning sectors +312560640
23:25:19.234 Disk 0 scanning C:\WINDOWS\system32\drivers
23:25:36.484 Service scanning
23:25:44.906 Disk 0 trace - called modules:
23:25:45.000 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862fa1ed]<<
23:25:45.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86346ab8]
23:25:45.062 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8635ebb0]
23:25:45.078 \Driver\SahdIa32[0x8636e098] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x862fa1ed
23:25:45.109 Scan finished successfully
23:26:29.125 Disk 0 Windows 501 MBR fixed successfully
23:27:42.328 Disk 0 Windows 501 MBR fixed successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:31:01
-----------------------------
23:31:01.825 OS Version: Windows 5.1.2600 Service Pack 3
23:31:01.825 Number of processors: 2 586 0x1C02
23:31:01.840 ComputerName: KITCHENCPU UserName: Family
23:31:08.042 Initialize success
23:31:12.009 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:31:12.025 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
23:31:14.087 Disk 0 MBR read successfully
23:31:14.102 Disk 0 MBR scan
23:31:16.258 Disk 0 scanning sectors +312560640
23:31:16.383 Disk 0 scanning C:\WINDOWS\system32\drivers
23:31:29.426 Service scanning
23:31:32.175 Disk 0 trace - called modules:
23:31:32.191 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x865171ed]<<
23:31:32.207 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86574ab8]
23:31:32.238 3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> [0x8655e918]
23:31:32.254 \Driver\SahdIa32[0x86576f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865171ed
23:31:32.269 Scan finished successfully
23:31:44.125 Disk 0 Windows 501 MBR fixed successfully
23:32:47.170 Disk 0 Windows 501 MBR fixed successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-09 21:33:58
-----------------------------
21:33:58.562 OS Version: Windows 5.1.2600 Service Pack 3
21:33:58.562 Number of processors: 2 586 0x1C02
21:33:58.562 ComputerName: KITCHENCPU UserName: Family
21:34:18.453 Initialize success
21:34:25.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:34:25.437 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
21:34:27.468 Disk 0 MBR read successfully
21:34:27.484 Disk 0 MBR scan
21:34:29.515 Disk 0 scanning sectors +312560640
21:34:29.593 Disk 0 scanning C:\WINDOWS\system32\drivers
21:34:35.593 Service scanning
21:34:36.890 Disk 0 trace - called modules:
21:34:36.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x865181ed]<<
21:34:36.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657aab8]
21:34:36.984 3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> [0x86544bb0]
21:34:37.000 \Driver\SahdIa32[0x86540a08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865181ed
21:34:37.031 Scan finished successfully
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 10th, 2011, 8:08 am

jtg.1983 wrote:** I can't help but notice that one of the available commands form the Recovery console is "FIXMBR"... I don't suppose that could be of any use?

Yes, that was one of the other options I spoke of previously. ;)



FixMBR - Recovery Console

  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the C:\Windows prompt, type the following bolded text, and press Enter:

    fixmbr

    NOTE: If you are prompted asking "Are you sure you want to write a new MBR", type Y & press enter.

  6. At the next prompt, type the following bolded text, and press Enter:

    Exit

Restart the PC and boot into normal mode.



aswMBR

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Let me know if you are still being redirected.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 10th, 2011, 10:30 am

Still experiencing the redirect. Log below. This is the most insidious malware his the history of computation.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-10 10:25:26
-----------------------------
10:25:26.687 OS Version: Windows 5.1.2600 Service Pack 3
10:25:26.687 Number of processors: 2 586 0x1C02
10:25:26.687 ComputerName: KITCHENCPU UserName: Family
10:25:27.328 Initialize success
10:25:36.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:25:36.546 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
10:25:38.640 Disk 0 MBR read successfully
10:25:38.656 Disk 0 MBR scan
10:25:40.671 Disk 0 scanning sectors +312560640
10:25:40.703 Disk 0 scanning C:\WINDOWS\system32\drivers
10:25:46.546 Service scanning
10:25:49.062 Disk 0 trace - called modules:
10:25:49.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x865121ed]<<
10:25:49.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86575ab8]
10:25:49.125 3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> [0x86556bb0]
10:25:49.140 \Driver\SahdIa32[0x86559a08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865121ed
10:25:49.171 Scan finished successfully
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 10th, 2011, 1:37 pm

Hi

It may be Roxio's Back on track that is hindering our progress here due to something I have researched from a support article. I'll look further into that. In the meantime I want to rule out anything else that might be detectable by a couple of general scans.



TFC

You should still have this on your desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 10th, 2011, 9:39 pm

Ran specified programs. No evil files or applications found. Re-direct continues. Boggles the mind. The Roxio hypothesis is interesting.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7081df05b5980e4585b645878f024b58
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-11 01:30:41
# local_time=2011-04-10 09:30:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 91825 91825 0 0
# compatibility_mode=5891 16776874 42 87 0 13589512 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66100
# found=0
# cleaned=0
# scan_time=4394


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6327

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/10/2011 6:37:12 PM
mbam-log-2011-04-10 (18-37-12).txt

Scan type: Quick scan
Objects scanned: 151816
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 11th, 2011, 2:51 am

Hi

I think Roxio BackOnTrack is restoring the bad MBR code. We'll remove it and then you can re-install it when we are done.


Uninstall Programs

  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the program named below and click Remove
Roxio BackOnTrack



FixMBR - Recovery Console

  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the C:\Windows prompt, type the following bolded text, and press Enter:

    fixmbr

    • NOTE: If you are prompted asking "Are you sure you want to write a new MBR", type Y & press enter.

  6. At the next prompt, type the following bolded text, and press Enter:

    Exit

Restart the PC and boot into normal mode.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 11th, 2011, 7:14 am

Roxio removed.
Unexpectedly, following its removal, Recovery Console is no longer accessible at start up. The initial prompt/screen which allows one to select Windows XP or Recovery Console no longer appears.

Might I try the aswMBR program again? Perhaps it will be more effective now that Roxio is removed?
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 11th, 2011, 7:39 am

Update... In an attempt to make Win Recovery Console available, I ran ComboFix... as it installed the recovery console to begin with (if memory serves?)... and it detected rootkit activity, restarted, and ran completely NOT in safe mode (which heretofore had not been possible due to BSoD), and produced the following log.
ComboFix 11-04-10.03 - Family 04/11/2011 7:25.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.529 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-10 01:12 . 2011-04-04 03:12 566272 ----a-w- c:\windows\aswMBR.exe
2011-04-04 21:35 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 21:35 . 2011-04-04 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 04:01 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-02 04:01 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-31 05:42 . 2011-03-23 14:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31FB10FC-6760-43C0-8FFA-7F2B2C39EFE9}\mpengine.dll
2011-03-31 05:42 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-31 05:11 . 2011-03-31 05:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-31 04:57 . 2011-03-31 05:02 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-30 06:47 . 2011-03-30 06:47 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-30 06:47 . 2011-03-30 06:47 -------- d-----w- c:\program files\Trend Micro
2011-03-30 06:25 . 2011-03-30 15:13 -------- d-----w- C:\fixwareout
2011-03-30 06:24 . 2011-03-30 06:24 -------- d-sh--w- c:\documents and settings\Family\PrivacIE
2011-03-30 06:23 . 2011-03-30 06:23 -------- d-sh--w- c:\documents and settings\Family\IETldCache
2011-03-30 06:18 . 2011-03-30 06:21 -------- dc-h--w- c:\windows\ie8
2011-03-30 06:05 . 2011-03-30 06:05 -------- d-----w- C:\406d617140359f8588
2011-03-27 12:37 . 2011-03-27 12:37 -------- d-----w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com
2011-03-27 12:37 . 2011-03-27 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-27 12:27 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 11:49 . 2011-03-27 11:49 -------- d-----w- c:\program files\Sophos
2011-03-27 03:10 . 2011-03-27 03:30 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-25 19:23 . 2011-03-25 19:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-03-25 14:35 . 2011-03-30 06:17 -------- d-----w- c:\program files\Google
2011-03-25 14:33 . 2011-03-27 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-25 14:33 . 2011-03-25 14:33 -------- d-----w- c:\program files\AVAST Software
2011-03-25 14:01 . 2011-03-25 14:01 -------- d-----w- C:\22757301c2cec3b88f7921
2011-03-25 13:48 . 2011-03-25 13:48 -------- d-----w- C:\34d5f23ccae87fa8543c203eb8
2011-03-21 01:34 . 2011-03-21 01:34 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2011-03-21 01:17 . 2011-03-21 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-21 01:11 . 2011-03-21 02:06 -------- d-----w- c:\documents and settings\Administrator
2011-03-13 23:30 . 2011-03-13 23:30 -------- d-----w- c:\documents and settings\Family\Application Data\Template
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2011-02-09 13:53 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2011-02-09 13:53 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2011-02-02 07:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2011-01-27 11:57 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2011-01-21 14:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-03-31_04.48.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-05-06 23:30 . 2008-11-10 15:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-05-06 23:30 . 2008-11-10 15:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-05-06 23:30 . 2008-11-10 15:41 32656 c:\windows\system32\msonpmon.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 43520 c:\windows\system32\licmgr10.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-04-09 02:30 . 2011-04-09 02:30 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-05-06 23:45 . 2009-05-06 23:45 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-05-06 23:30 . 2009-05-06 23:31 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-06 23:30 . 2009-05-06 23:31 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-06 23:30 . 2009-05-06 23:31 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-05-06 23:45 . 2009-05-06 23:45 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-04-09 02:30 . 2011-04-09 02:30 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-26 01:47 . 2010-06-26 01:47 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-26 01:47 . 2011-04-06 05:50 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2009-05-06 23:44 . 2009-05-06 23:44 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2009-05-06 23:44 . 2011-04-04 21:28 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2007-06-21 13:04 . 2007-06-21 13:04 13152 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F990_worksup.dll
+ 2007-06-21 13:04 . 2007-06-21 13:04 14176 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F839_WkImgL90.dll
+ 2006-10-26 21:03 . 2006-10-26 21:03 78648 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\INTLDATE.DLL
+ 2009-04-03 22:01 . 2009-04-03 22:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-03 21:57 . 2009-04-03 21:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12EXE.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-27 04:17 . 2006-10-27 04:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2006-10-27 05:58 . 2006-10-27 05:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-05-06 23:29 . 2009-05-06 23:29 12080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 64288 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 21:05 . 2006-10-26 21:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-27 02:49 . 2006-10-27 02:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-26 21:04 . 2006-10-26 21:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 21:05 . 2006-10-26 21:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 12112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-27 03:24 . 2006-10-27 03:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 03:24 . 2006-10-27 03:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 02:59 . 2006-10-27 02:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 22:11 . 2006-10-27 22:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 11544 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 12104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 20280 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 22:26 . 2006-10-27 22:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 02:56 . 2006-10-27 02:56 67408 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPUI.DLL
+ 2006-10-27 02:56 . 2006-10-27 02:56 32592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPMON.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 22:01 . 2006-10-27 22:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 02:48 . 2006-10-27 02:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2006-10-26 21:04 . 2006-10-26 21:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2009-04-02 18:35 . 2009-04-02 18:35 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
+ 2009-04-02 18:35 . 2009-04-02 18:35 68496 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
+ 2006-10-27 04:13 . 2006-10-27 04:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 22:11 . 2006-10-27 22:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 04:07 . 2006-10-27 04:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PXBPROXY.DLL
+ 2006-10-27 04:07 . 2006-10-27 04:07 67920 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PXBCOM.EXE
+ 2011-03-31 07:01 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-03-31 07:01 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-03-31 07:01 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-03-31 07:01 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-03-31 07:01 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2011-04-08 03:34 . 2011-04-08 03:34 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2011-04-08 03:35 . 2011-04-08 03:35 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2011-04-08 03:34 . 2011-04-08 03:34 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 916480 c:\windows\system32\wininet.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2011-03-31 04:27 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2009-05-06 23:30 . 2008-11-10 15:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-05-06 23:30 . 2008-11-10 15:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2011-03-31 04:27 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
+ 2011-03-31 04:27 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
- 2008-06-25 01:16 . 2011-02-09 12:49 249496 c:\windows\system32\FNTCACHE.DAT
+ 2008-06-25 01:16 . 2011-04-09 02:25 249496 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-25 01:25 . 2010-10-25 01:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-03-31 04:27 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2011-03-31 04:27 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-03-31 04:27 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-03-31 04:27 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\30bd6.msp
+ 2010-07-23 05:03 . 2010-07-23 05:03 338432 c:\windows\Installer\21e99.msp
+ 2011-03-31 05:11 . 2011-03-31 05:11 786432 c:\windows\Installer\21167.msi
+ 2011-03-31 05:11 . 2011-03-31 05:11 479744 c:\windows\Installer\21161.msi
+ 2011-03-31 05:11 . 2011-03-31 05:11 301056 c:\windows\Installer\2115c.msi
+ 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\1f751.msp
+ 2011-04-04 21:27 . 2011-04-04 21:27 248832 c:\windows\Installer\1e9f1.msi
- 2009-05-06 23:30 . 2009-05-06 23:31 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-05-06 23:30 . 2009-05-06 23:31 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-06 23:30 . 2009-05-06 23:31 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-06 23:30 . 2009-05-06 23:31 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-05-06 23:27 . 2009-05-06 23:27 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-04-06 22:57 . 2011-04-06 22:57 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-05-06 23:44 . 2009-05-06 23:44 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2009-05-06 23:44 . 2011-04-04 21:28 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2009-05-06 23:44 . 2009-05-06 23:44 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
+ 2009-05-06 23:44 . 2011-04-04 21:28 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2009-05-06 23:44 . 2009-05-06 23:44 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2009-05-06 23:44 . 2011-04-04 21:28 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2007-06-21 13:04 . 2007-06-21 13:04 173408 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll
+ 2007-06-21 13:04 . 2007-06-21 13:04 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F366_wkcvqr01.dll
+ 2007-06-22 13:48 . 2007-06-22 13:48 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F365_wkcvqd01.dll
+ 2007-06-21 13:04 . 2007-06-21 13:04 132448 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22623_WkImg90.dll
+ 2007-06-22 13:48 . 2007-06-22 13:48 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll
+ 2007-06-21 13:04 . 2007-06-21 13:04 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll
+ 2009-04-03 21:57 . 2009-04-03 21:57 509256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12CVR.DLL
+ 2009-04-03 22:11 . 2009-04-03 22:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2011-04-08 03:35 . 2011-04-08 03:35 350064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 22:04 . 2009-04-03 22:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-10-25 11:52 . 2008-10-25 11:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 11:52 . 2008-10-25 11:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2008-11-04 08:13 . 2008-11-04 08:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2006-10-26 21:05 . 2006-10-26 21:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 781104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 22:23 . 2006-10-27 22:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 21:05 . 2006-10-26 21:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-27 03:06 . 2006-10-27 03:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 03:13 . 2006-10-27 03:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2009-05-06 23:29 . 2009-05-06 23:29 248632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 04:07 . 2006-10-27 04:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 22:04 . 2006-10-27 22:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 04:30 . 2006-10-27 04:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-07-27 01:53 . 2006-07-27 01:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 03:23 . 2006-10-27 03:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 22:39 . 2006-10-27 22:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 03:32 . 2006-10-27 03:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 15:37 . 2006-10-20 15:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 416544 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 03:06 . 2006-10-27 03:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 20:56 . 2006-10-26 20:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 02:50 . 2006-10-27 02:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 21:47 . 2006-10-26 21:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 20:56 . 2006-10-26 20:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 02:56 . 2006-10-27 02:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 21:59 . 2006-10-27 21:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 20:58 . 2006-10-26 20:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 150320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 22:09 . 2006-10-27 22:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 02:48 . 2006-10-27 02:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 03:12 . 2006-10-27 03:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 22:41 . 2006-10-27 22:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 03:49 . 2006-10-27 03:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 396592 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\MOC.EXE
+ 2006-10-27 02:49 . 2006-10-27 02:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2011-03-31 07:01 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-03-31 07:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-03-31 07:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-03-31 07:02 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-03-31 07:02 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-03-31 07:02 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-03-31 07:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-03-31 07:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-03-31 07:00 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2011-03-31 07:01 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-03-31 07:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-03-31 07:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-03-31 07:01 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-03-31 07:01 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-03-31 07:01 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-03-31 07:01 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-03-31 07:01 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-03-31 07:01 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-03-31 07:01 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-03-31 07:01 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-04-08 03:33 . 2011-04-08 03:33 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2011-04-08 03:34 . 2011-04-08 03:34 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2011-04-10 14:26 . 2011-04-10 14:26 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-04-08 03:33 . 2011-04-08 03:33 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\system32\FM20.DLL
+ 2011-03-31 04:27 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2011-03-31 04:27 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-24 21:07 . 2010-04-24 21:07 4667392 c:\windows\Installer\30bff.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 1282560 c:\windows\Installer\30bfd.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 7888384 c:\windows\Installer\30bf6.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 9926144 c:\windows\Installer\30bed.msp
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\30be7.msp
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\30bc6.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 7888384 c:\windows\Installer\2a4d6.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 9926144 c:\windows\Installer\2a4d4.msp
+ 2010-11-10 20:54 . 2010-11-10 20:54 2307584 c:\windows\Installer\243e5.msi
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\21e9b.msp
+ 2011-03-31 05:03 . 2011-03-31 05:03 2283008 c:\windows\Installer\21139.msi
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\20dc4.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\20dc2.msp
+ 2010-04-24 21:07 . 2010-04-24 21:07 4667392 c:\windows\Installer\20db1.msp
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\1f779.msp
+ 2010-08-13 22:01 . 2010-08-13 22:01 8993280 c:\windows\Installer\1f762.msp
+ 2010-08-13 22:00 . 2010-08-13 22:00 9404928 c:\windows\Installer\1f740.msp
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\1f72d.msp
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\1f44c.msp
+ 2010-08-13 21:59 . 2010-08-13 21:59 8182272 c:\windows\Installer\1f36e.msp
+ 2009-04-24 16:31 . 2009-04-24 16:31 1425920 c:\windows\Installer\1f362.msp
+ 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\1f34a.msp
+ 2010-10-07 22:43 . 2010-10-07 22:43 1980416 c:\windows\Installer\1f33e.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\1f31b.msp
+ 2010-11-24 14:51 . 2010-11-24 14:51 2190336 c:\windows\Installer\1ea09.msp
- 2009-05-06 23:30 . 2009-05-06 23:31 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-06 23:30 . 2011-04-11 10:41 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-06 23:44 . 2011-04-04 21:28 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2009-05-06 23:44 . 2009-05-06 23:44 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2009-05-06 23:44 . 2009-05-06 23:44 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2009-05-06 23:44 . 2011-04-04 21:28 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2007-06-22 13:44 . 2007-06-22 13:44 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2009-04-03 21:57 . 2009-04-03 21:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-11-10 06:41 . 2008-11-10 06:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-03 22:04 . 2009-04-03 22:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-02-05 15:36 . 2009-02-05 15:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2006-10-26 21:05 . 2006-10-26 21:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 05:58 . 2006-10-27 05:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 06:00 . 2006-10-27 06:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 07:42 . 2006-09-30 07:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 21:57 . 2006-10-27 21:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 22:04 . 2006-10-27 22:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-27 03:07 . 2006-10-27 03:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 22:03 . 2006-10-27 22:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 03:24 . 2006-10-27 03:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 22:03 . 2006-10-27 22:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 03:14 . 2006-10-27 03:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-26 21:47 . 2006-10-26 21:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 22:10 . 2006-10-27 22:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 03:02 . 2006-10-27 03:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 02:21 . 2006-10-27 02:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-26 21:10 . 2006-10-26 21:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2009-05-06 23:29 . 2009-05-06 23:29 1276720 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2009-04-03 21:57 . 2009-04-03 21:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-04-02 18:35 . 2009-04-02 18:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2009-02-05 15:36 . 2009-02-05 15:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OGL.DLL
+ 2006-10-27 22:11 . 2006-10-27 22:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 04:08 . 2006-10-27 04:08 1764112 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PPCNV.DLL
+ 2006-10-27 22:18 . 2006-10-27 22:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 03:42 . 2006-10-27 03:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 02:49 . 2006-10-27 02:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2011-03-31 07:01 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-03-31 07:01 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-03-31 07:01 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2011-04-08 03:34 . 2011-04-08 03:34 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2010-12-21 09:29 . 2010-12-21 09:29 11080704 c:\windows\system32\ieframe.dll
+ 2010-12-21 09:29 . 2010-12-21 09:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-04-04 15:36 . 2009-04-04 15:36 21390848 c:\windows\Installer\2555a.msp
+ 2009-04-04 21:09 . 2009-04-04 21:09 15190016 c:\windows\Installer\25548.msp
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\243e6.msp
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\2113a.msp
+ 2011-04-06 05:47 . 2011-04-06 05:47 20304384 c:\windows\Installer\1f471.msp
+ 2008-08-11 15:49 . 2008-08-11 15:49 22457344 c:\windows\Installer\1f454.msp
+ 2011-04-04 21:28 . 2011-04-04 21:28 20303872 c:\windows\Installer\1ea13.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35 36977152 c:\windows\Installer\1cd3f.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35 38325760 c:\windows\Installer\1cd35.msp
+ 2010-11-10 16:49 . 2010-11-10 16:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
+ 2006-10-27 22:14 . 2006-10-27 22:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OART.DLL
+ 2009-04-03 22:01 . 2009-04-03 22:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 22:11 . 2009-04-03 22:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL
+ 2009-04-03 22:46 . 2009-04-03 22:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-04-03 22:11 . 2009-04-03 22:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXCEL.EXE
+ 2006-10-27 22:23 . 2006-10-27 22:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 22:07 . 2006-10-27 22:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2009-04-03 22:01 . 2009-04-03 22:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2006-10-27 04:13 . 2006-10-27 04:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2011-03-31 07:01 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2009-04-04 21:08 . 2009-04-04 21:08 343058432 c:\windows\Installer\2a4ca.msp
+ 2009-04-04 21:08 . 2009-04-04 21:08 343058432 c:\windows\Installer\2556b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-18 21:41 737280 ----a-w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 21:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 21:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Family\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [3/27/2011 8:27 AM 18816]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/6/2009 7:23 PM 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 5:03 PM 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 10:36 AM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\lavasoft\Ad-Aware\AAWService.exe" --> d:\lavasoft\Ad-Aware\AAWService.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 14:35]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909066308-1455673721-3417402953-1006Core.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 16:53]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909066308-1455673721-3417402953-1006UA.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 16:53]
.
2011-04-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-04-11 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-11 07:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000114471C18635676C1D0C 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(112)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-11 07:34:41
ComboFix-quarantined-files.txt 2011-04-11 11:34
ComboFix2.txt 2011-03-31 04:50
.
Pre-Run: 147,694,657,536 bytes free
Post-Run: 147,691,335,680 bytes free
.
- - End Of File - - 4F0DD7F8AD8F49F35C02C2490E793B26
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 11th, 2011, 7:54 am

Hi

That looks very promising - How are things running now?


Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.



aswMBR

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.



In your next reply:
  1. DDS.txt
  2. aswMBR.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 11th, 2011, 8:25 am

Things seem to be working.... even the fatal error screen has stopped popping up. Amazing.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Family at 8:20:02.14 on Mon 04/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.492 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\syncables\syncables desktop\Syncables.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\syncables\syncables desktop\MigoMapi.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Family\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\documents and settings\family\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6886.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl9dacff12;MpKsl9dacff12;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db7aa7fd-b14f-4a80-81f0-9015d20b62db}\MpKsl9dacff12.sys [2011-4-11 28752]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-3-27 18816]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-6 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\lavasoft\ad-aware\aawservice.exe" --> d:\lavasoft\ad-aware\AAWService.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-04-11 11:50:35 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{db7aa7fd-b14f-4a80-81f0-9015d20b62db}\MpKsl9dacff12.sys
2011-04-11 11:50:28 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-11 11:50:01 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{db7aa7fd-b14f-4a80-81f0-9015d20b62db}\mpengine.dll
2011-04-11 11:43:46 -------- d-sh--w- c:\documents and settings\family\IECompatCache
2011-04-11 11:24:22 98816 ----a-w- c:\windows\sed.exe
2011-04-11 11:24:22 89088 ----a-w- c:\windows\MBR.exe
2011-04-11 11:24:22 256512 ----a-w- c:\windows\PEV.exe
2011-04-11 11:24:22 161792 ----a-w- c:\windows\SWREG.exe
2011-04-10 01:12:58 566272 ----a-w- c:\windows\aswMBR.exe
2011-04-04 21:35:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 21:35:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 04:01:10 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-02 04:01:09 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-02 04:01:09 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-31 07:00:49 -------- d-----w- c:\windows\ie8updates
2011-03-31 05:42:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-31 05:11:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-31 04:39:40 -------- d-sha-r- C:\cmdcons
2011-03-30 06:47:06 388096 ----a-r- c:\docume~1\family\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-30 06:47:05 -------- d-----w- c:\program files\Trend Micro
2011-03-30 06:25:46 -------- d-----w- C:\fixwareout
2011-03-30 06:24:08 -------- d-sh--w- c:\documents and settings\family\PrivacIE
2011-03-30 06:23:28 -------- d-sh--w- c:\documents and settings\family\IETldCache
2011-03-30 06:18:13 -------- dc-h--w- c:\windows\ie8
2011-03-30 06:05:38 -------- d-----w- C:\406d617140359f8588
2011-03-27 12:37:22 -------- d-----w- c:\docume~1\family\applic~1\SUPERAntiSpyware.com
2011-03-27 12:37:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-27 12:27:26 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 11:49:45 -------- d-----w- c:\program files\Sophos
2011-03-25 14:33:14 -------- d-----w- c:\program files\AVAST Software
2011-03-25 14:33:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-25 14:01:14 -------- d-----w- C:\22757301c2cec3b88f7921
2011-03-25 13:48:49 -------- d-----w- C:\34d5f23ccae87fa8543c203eb8
2011-03-21 01:34:14 -------- d-----w- c:\docume~1\family\applic~1\Malwarebytes
2011-03-21 01:17:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 8:20:32.59 ===============




aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-11 08:22:33
-----------------------------
08:22:33.296 OS Version: Windows 5.1.2600 Service Pack 3
08:22:33.296 Number of processors: 2 586 0x1C02
08:22:33.296 ComputerName: KITCHENCPU UserName: Family
08:22:33.921 Initialize success
08:22:37.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:22:37.140 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
08:22:39.203 Disk 0 MBR read successfully
08:22:39.218 Disk 0 MBR scan
08:22:41.234 Disk 0 scanning sectors +312560640
08:22:41.281 Disk 0 scanning C:\WINDOWS\system32\drivers
08:22:45.140 Service scanning
08:22:46.375 Disk 0 trace - called modules:
08:22:46.390 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:22:46.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8650fab8]
08:22:46.437 3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86568d98]
08:22:46.468 Scan finished successfully
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 11th, 2011, 4:14 pm

Hi

Well done, that's great - How are things running?

A program to update and another quick scan with mbam now the rootkit has gone, then we should be just about done.



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.0.1
  • Install the new downloaded updated software.
  • Then using the internal updater ensure the software is updated to the current increment 10.0.1
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.



TFC

You should still have this on your desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware