DDS (Ver_10-03-17.01) - NTFSX64
Run by Tor Einar at 19:35:56,25 on 16.08.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4094.2614 [GMT 2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\gearsec.exe
C:\Program Files (x86)\Program\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Program\AeroFoil\Aerofoil.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Program\Everything\Everything.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Program\spotify\spotify.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tor Einar\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
uSearch Bar =
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Everything] "c:\program files (x86)\program\everything\Everything.exe" -startup
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [RunGCA] c:\program files (x86)\program\new folder\GCAStarter.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\aerofoil.lnk - c:\program files (x86)\program\aerofoil\Aerofoil.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\torein~1\appdata\roaming\mozilla\firefox\profiles\xrv25q8y.default\
FF - prefs.js: browser.startup.homepage - www.united.no
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\program\voddler\plugin\npvoddler.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-14 69152]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-3-9 1455648]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-12-4 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-12-4 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-12-4 317520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-18 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-18 308136]
R2 gearsec;gearsec;c:\windows\syswow64\gearsec.exe [2005-11-30 58952]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-9-25 4749312]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files (x86)\relevantknowledge\rlservice.exe /service --> c:\program files (x86)\relevantknowledge\rlservice.exe [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-3-9 250400]
S3 cpudrv64;cpudrv64;c:\program files (x86)\systemrequirementslab\cpudrv64.sys [2009-12-18 17864]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-14 16928]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-20 1255736]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2008-4-29 56104]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2008-4-29 378664]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2010-3-9 2326920]
S4 VoddlerNet;VoddlerNet;c:\program files (x86)\program\voddler\service\voddler.exe [2010-7-15 1169104]

=============== Created Last 30 ================

2010-08-16 09:38:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-15 22:12:00 75 --sh--r- c:\windows\FFSSET.BIN
2010-08-15 09:30:40 1371836 ----a-w- C:\Everything.db
2010-08-14 20:15:21 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-14 20:14:25 0 d-----w- c:\users\torein~1\appdata\roaming\Malwarebytes
2010-08-14 20:14:17 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 20:14:17 0 d-----w- c:\programdata\Malwarebytes
2010-08-14 20:14:17 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-14 19:50:26 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-14 19:50:11 0 d-----w- c:\programdata\Lavasoft
2010-08-14 19:50:11 0 d-----w- c:\program files (x86)\Lavasoft
2010-08-12 23:28:11 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 23:28:11 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 23:28:11 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-12 23:28:09 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 23:28:09 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 23:28:00 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 23:08:15 0 d-----w- c:\programdata\Sports Interactive
2010-08-12 23:07:41 0 d-----w- c:\users\torein~1\appdata\roaming\Sports Interactive
2010-08-12 22:46:26 0 d--h--w- c:\program files (x86)\Zero G Registry
2010-08-12 22:45:38 0 d--h--w- c:\users\tor einar\InstallAnywhere
2010-08-10 00:15:00 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-09 23:43:22 5 ----a-w- C:\zrpt.xml
2010-08-09 23:42:24 0 d-----w- c:\users\torein~1\appdata\roaming\072AB882B4D5B411B8E67AE06F8B395A
2010-08-03 17:59:03 0 d-----w- c:\program files (x86)\common files\Real
2010-08-03 17:59:02 0 d-----w- c:\programdata\Real
2010-07-31 22:34:42 1554944 ----a-w- c:\windows\syswow64\vorbis.acm
2010-07-20 23:07:29 0 d-----w- c:\windows\pss
2010-07-20 21:59:57 0 d-----w- c:\users\torein~1\appdata\roaming\Thinstall
2010-07-19 12:01:56 0 d-----w- c:\programdata\Voddler
2010-07-18 14:49:31 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-18 09:54:30 13048 ----a-w- c:\windows\system32\avgrssta.dll

==================== Find3M ====================

2010-08-16 17:18:23 74980 ----a-w- c:\windows\system32\perfc014.dat
2010-08-16 17:18:23 451126 ----a-w- c:\windows\system32\perfh014.dat
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-18 09:54:31 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-18 09:54:19 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-04-05 22:18:28 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2010-04-05 22:18:28 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2010-04-05 22:18:28 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2010-04-05 22:18:28 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-13 19:16:26 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:36:43,26 ===============