Need help analyzing my HP laptop

Started by JDBush61, February 12, 2012, 02:29:34 AM


Corrine

Hi, JDBush61. 

You're welcome.  Time zones, work schedules and real life can make communications difficult at times.  Even so, we'll manage. 

Thank you for the kind words about our little help forum, lovingly referred to as LzD. :)

There are a couple of entries in your log that look "strange" since there is not enough information to determine what they are.  With the help of ComboFix, I'm hoping that there will be a much clearer picture.  In addition, ComboFix is excellent at removing "left overs".

You are wise in not making changes to your computer if you do not know what the end result will be.  We'll take a closer look at your start-up list later in the process. 

You are correct.  Although I will comment if I am aware of "issues" with a particular software program, whether it be an antivirus or other program, it is your computer not mine and it isn't up to me to push my preferences on you or anyone else.  That said, yes, I do have favorites and particularly like ESET.  Although any security software can have false/positives (incorrectly identifying a legitimate file as malware), ESET has very few f/p's.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

JDBush61

Quote from: Corrine on February 14, 2012, 02:19:45 AM
Hi, JDBush61. 

You're welcome.  Time zones, work schedules and real life can make communications difficult at times.  Even so, we'll manage. 

Thank you for the kind words about our little help forum, lovingly referred to as LzD. :)

There are a couple of entries in your log that look "strange" since there is not enough information to determine what they are.  With the help of ComboFix, I'm hoping that there will be a much clearer picture.  In addition, ComboFix is excellent at removing "left overs".

You are wise in not making changes to your computer if you do not know what the end result will be.  We'll take a closer look at your start-up list later in the process. 

You are correct.  Although I will comment if I am aware of "issues" with a particular software program, whether it be an antivirus or other program, it is your computer not mine and it isn't up to me to push my preferences on you or anyone else.  That said, yes, I do have favorites and particularly like ESET.  Although any security software can have false/positives (incorrectly identifying a legitimate file as malware), ESET has very few f/p's.

Hello Corrine,

First, I followed your instructions to restore the correct screen file association for .scr, and that went successfully. I did not try again to download and run the DDS.scr file, as you did not request that I do, and I imagined that the RSIT logs maybe gave you similar information.

Moving on from there, I followed all of the ComboFix instructions to a "t", and everything seemed to go well. Below, please find the data of the ComboFix.txt log that was generated. By the way, I now have many new files, logs, and programs sitting on my desktop (and probably located elsewhere on this machine); e.g., ComboFix, RSIT, HijackThis, and the SecurityCheck.exe file. Should these now be deleted from my machine, or should I keep them all for later reference/use?

Anyway, here is the ComboFix log. Very eager to learn what you suggest for next steps. Also, much thanks for your reply regarding security software. In addition, I am looking forward to your opinion regarding the start-up list, yet first things first.

ComboFix 12-02-13.01 - hp 02/15/2012   4:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.117 [GMT 9:00]
Running from: c:\documents and settings\hp\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0411.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-14 to 2012-02-14  )))))))))))))))))))))))))))))))
.
.
2012-02-13 17:43 . 2012-02-13 17:44   --------   d-----w-   C:\rsit
2012-02-13 17:34 . 2012-02-13 17:34   388096   ----a-r-   c:\documents and settings\hp\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-13 17:34 . 2012-02-13 17:43   --------   d-----w-   c:\program files\Trend Micro
2012-02-12 06:22 . 2011-11-09 18:27   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2012-02-11 17:22 . 2012-02-11 17:22   --------   d-----w-   c:\program files\Common Files\xing shared
2012-02-11 16:45 . 2012-02-11 16:45   --------   d-----w-   c:\documents and settings\hp\Local Settings\Application Data\Secunia PSI
2012-02-11 14:14 . 2012-02-11 14:14   --------   d-----w-   c:\documents and settings\hp\Application Data\IObit
2012-02-11 13:26 . 2012-02-11 13:26   --------   d-----w-   c:\documents and settings\hp\Application Data\WinPatrol
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\program files\BillP Studios
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-02-11 12:07 . 2012-02-11 12:43   24064   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2012-02-09 16:31 . 2011-12-10 06:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-05 17:39 . 2012-02-05 17:39   --------   d-----w-   c:\documents and settings\hp\Application Data\SUPERAntiSpyware.com
2012-01-31 22:42 . 2012-02-01 11:15   --------   d-----w-   c:\windows\system32\drivers\N360\0502000.00D
2012-01-22 23:19 . 2012-01-22 23:19   --------   d-----w-   c:\program files\iPod
2012-01-22 23:19 . 2012-01-22 23:20   --------   d-----w-   c:\program files\iTunes
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-22 23:07 . 2012-01-22 23:09   --------   d-----w-   c:\program files\QuickTime
2012-01-22 14:07 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\hp\Application Data\Skype
2012-01-22 14:05 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2012-01-16 22:54 . 2012-01-16 22:54   --------   d-----w-   c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-02-28 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-30 122940]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-11 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-1-23 184320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/1/2012 7:43 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/1/2012 7:43 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [2/9/2012 2:50 PM 820344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 1:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 6:55 AM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/1/2012 7:43 AM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 8:38 AM 116608]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 9:00 PM 14336]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2/1/2012 7:42 AM 130008]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 2:34 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120211.002\IDSXpx86.sys [2/15/2012 3:28 AM 356280]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/11/2012 9:07 PM 24064]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8F.tmp --> c:\windows\system32\8F.tmp [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:57]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{4A8F4CFB-E03B-4265-81DB-20389E914523}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = cache.kpu-m.ac.jp:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 04:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????W???? ?n??|?????? ??4B?*Spammer*?hB? ????W?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8F.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
.
- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\program files\NORTON 360\ENGINE\5.2.0.13\Microsoft.VC90.CRT\MSVCR90.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DllHost.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-02-15  04:34:20 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-14 19:34
.
Pre-Run: 13,640,892,416 bytes free
Post-Run: 13,705,936,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C2267A991F8E9EC0E2AAA4436E7854FA

"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Corrine

Hi, JDBush61. 

Please confirm that you ran Sophos Anti-Rootkit software.

Regarding the downloaded files on your desktop, please leave ComboFix until I give you removal instructions for it.  As to the others:

  • SecurityCheck, you can remove it now (right-click and select delete) because I am about to provide instructions from the information included in that log. 
  • HijackThis can be uninstalled if you wish. 
  • For RSIT, right-click and delete the icon on the desktop and also delete the folder located at C:\RSIT

Adobe Reader is out of date and has had numerous security updates.  Either install the latest version of Adobe Reader from http://www.adobe.com/products/reader/ or switch to an alternate PDF reader.  There are a number of open source readers available from http://pdfreaders.org/.  Others include Nitro Reader and Sumatra PDF.  Personally, I have been using Sumatra PDF for several years and have found it to be not only a smaller/lighter option but also not nearly the target of malware.

Edit Note:  Oracle Java was just updated today to Java 6u31 and includes critical security updates.  Please install that or upgrade to Java 7u3, which it appears is no longer a developer preview.  You can get Java SE 7u3 from http://www.oracle.com/technetwork/java/javase/downloads/jre-7u3-download-1501631.html (select Windows x86 Offline   19.38 MB     jre-7u3-windows-i586.exe).  After installation, check that Java 6u30 was uninstalled.  If not, please remove it.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
C:\Documents and Settings\hp\Application Data\IObit


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Corrine

In case you've already seen my reply, please note the edit note adding the information about the Java update. :)



JDBush61

Quote from: Corrine on February 15, 2012, 02:28:08 AM
In case you've already seen my reply, please note the edit note adding the information about the Java update. :)

Hi Corrine,

Thanks for your reply and follow-up, and sorry for this belated reply.

To answer your first question from the previous post, yes, I did run the Sophos anti-rootkit software when I was stumbling around on my own before joining the LzD forum. I only ran a scan with that software, and I don't remember doing anything else with it. I think that I removed all of that software (and whatever log it produced) from this computer after trying it. Well, I hope that I did.

This morning, I followed your instructions and removed the SecurityCheck and RSIT related stuff, and uninstalled the HijackThis program. In addition, I downloaded and installed "Adobe Reader X (10.1.2)" and "Java SE 7u3".

Next, I did a double-check:

Start> Control Panel> Add or Remove Programs> ... and noticed that Java 6u30 was still there, so I deleted it. An odd thing happened. The WinPatrol Scotty dog window popped up and asked me if I wanted to install a Java 6-related add on to IE, and being worried, I clicked "no" (as I assumed something malicious was trying to add itself again, plus, I assumed that only Java 7 items should now be on my box). I hope that was correct.

Then, still in "Add or Remove Programs", I noticed Adobe 9 related items there, such as the "Chinese fonts" for Adobe 9 and "Japanese fonts" for Adobe 9. So, I deleted those also. All items should now be Adobe X-related, yes? Also, "Adobe Air", "Adobe Flash Player 11 ActiveX", and "getplus(R) for Adobe" are all listed there as well, yet with no file size (MB) information. In addition, there is a file named "Acrobat.com" ... Size: 1.63MB. Are those rogue files? Are they needed? (yup, I'm still very much a novice! ;))

Now for the real problem. I want to follow your ComboFix steps, yet now the red and white ComboFix icon is missing from my desktop. (?) Where it went, I have no idea. The Combofix log file is still there, yet no ComboFix.exe icon to drag the notepad file to. Hmmmmm, so I went to Start> Windows Search> and found:

ComboFixLog.txt   C:\Documents...   15KB   Text Document
ComboFix.txt         C:\                        15KB   Text Document
ComboFix-quarantined-files.txt   C:\Qoobox   1KB   Text Document

I then found the Qoobox folder, and inside, there is another folder named "BackEnv".
However, when I try to open that folder, a window pops up stating "Access is denied".

Anyway, with all of that aside, what should I do next? Should I once-again download the ComboFix.exe executable to my desktop to try and run your requested Notepad text?

I'm at a little bit of a loss at this point.

- JDBush61

Corrine

Once again, a critical security update, this time to Adobe Flash Player.  Be sure to UNCHECK the option to install McAfee Security Scan.  You need to update both IE and non-IE browsers.  http://get.adobe.com/flashplayer/

Quote from: JDBush61
Should I once-again download the ComboFix.exe executable to my desktop to try and run your requested Notepad text?

See, you aren't so lost after all.  Yes, that is what you need to do.  I suspect you got a bit carried away cleaning off your desktop. 

We'll take a closer look at the programs on your computer shortly. In fact, after you run ComboFix and post that log, please provide an extra ComboFix report:

       
  • Push the "Windows Key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click Ok
Copy and paste the report into a new reply for me to review.



JDBush61

Quote from: Corrine on February 16, 2012, 01:19:27 AM
Once again, a critical security update, this time to Adobe Flash Player.  Be sure to UNCHECK the option to install McAfee Security Scan.  You need to update both IE and non-IE browsers.  http://get.adobe.com/flashplayer/

Quote from: JDBush61
Should I once-again download the ComboFix.exe executable to my desktop to try and run your requested Notepad text?

See, you aren't so lost after all.  Yes, that is what you need to do.  I suspect you got a bit carried away cleaning off your desktop. 

We'll take a closer look at the programs on your computer shortly. In fact, after you run ComboFix and post that log, please provide an extra ComboFix report:

       
  • Push the "Windows Key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click Ok
Copy and paste the report into a new reply for me to review.

Hi Corrine,

I did the critical update to the Adobe Flash Player, and updated IE and the GoogleChrome browser.
I did not see any box related to McAfee software to "uncheck", yet there was a box asking to add the Google Chrome browser.

That aside, I downloaded ComboFix.exe again, and then dragged the CFScript.txt file to it and ran the program (the log file is shown below). I also followed your instructions ("Windows Key" + "R") and then manually typed  C:\Qoobox\Add-Remove Programs.txt into the Run box that appeared. It quickly generated another log, and I will post that log in my next reply. However, was that second log a "ComboFix" log as well?

Also, when I was running ComboFix.exe with the CFScript.txt file, the WinPatrol window popped up before the program had completely finished (before it had generated the log), and the WinPatrol message said:

! A change has been detected in your Internet Explorer Search Page.
Your new page is http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
If this is ok, then click Yes or press Enter,
Click No or press Esc and we'll restore your page to
http://www.google.com.

Not expecting the WinPatrol screen, and not knowing if ComboFix had generated the detected change, or not, I just clicked "No". Was that OK? WinPatrol popped up yesterday also when I was performing my first ComboFix scan, and asked me to make decisions that I did not feel informed enough to make. So that is maybe a problem.

Here is the first CFScript.txt log info:

ComboFix 12-02-15.01 - hp 02/16/2012  11:55:07.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.175 [GMT 9:00]
Running from: c:\documents and settings\hp\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\hp\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-16 to 2012-02-16  )))))))))))))))))))))))))))))))
.
.
2012-02-16 01:09 . 2012-01-11 19:06   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-02-16 01:09 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
2012-02-16 00:45 . 2012-02-16 00:53   --------   d-----w-   c:\windows\system32\drivers\N360\0600010.002
2012-02-15 21:46 . 2012-02-15 21:46   --------   d-----w-   c:\program files\Common Files\Java
2012-02-15 21:42 . 2012-02-15 21:42   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-02-13 17:34 . 2012-02-15 20:55   --------   d-----w-   c:\program files\Trend Micro
2012-02-12 06:22 . 2012-02-15 21:42   141312   ----a-w-   c:\windows\system32\javacpl.cpl
2012-02-11 17:22 . 2012-02-11 17:22   --------   d-----w-   c:\program files\Common Files\xing shared
2012-02-11 16:45 . 2012-02-11 16:45   --------   d-----w-   c:\documents and settings\hp\Local Settings\Application Data\Secunia PSI
2012-02-11 14:14 . 2012-02-11 14:14   --------   d-----w-   c:\documents and settings\hp\Application Data\IObit
2012-02-11 13:26 . 2012-02-11 13:26   --------   d-----w-   c:\documents and settings\hp\Application Data\WinPatrol
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\program files\BillP Studios
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-02-11 12:07 . 2012-02-11 12:43   24064   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2012-02-09 16:31 . 2011-12-10 06:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-05 17:39 . 2012-02-05 17:39   --------   d-----w-   c:\documents and settings\hp\Application Data\SUPERAntiSpyware.com
2012-01-22 23:19 . 2012-01-22 23:19   --------   d-----w-   c:\program files\iPod
2012-01-22 23:19 . 2012-01-22 23:20   --------   d-----w-   c:\program files\iTunes
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-22 23:07 . 2012-01-22 23:09   --------   d-----w-   c:\program files\QuickTime
2012-01-22 14:07 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\hp\Application Data\Skype
2012-01-22 14:05 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 02:38 . 2011-06-27 03:59   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 00:50 . 2010-05-06 01:04   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-02-16 00:50 . 2010-05-06 01:04   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-15 21:42 . 2010-06-01 06:26   567696   ----a-w-   c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2006-02-28 12:00   1859968   ----a-w-   c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-25 21:57 . 2006-02-28 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-18 12:35 . 2006-02-28 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-02-14_19.28.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 02:14 . 2012-02-16 02:14   16384              c:\windows\Temp\Perflib_Perfdata_394.dat
+ 2006-02-28 12:00 . 2012-02-16 01:17   79782              c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-01-03 23:18   79782              c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2011-11-04 19:20   66560              c:\windows\system32\mshtmled.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   66560              c:\windows\system32\mshtmled.dll
- 2006-11-07 12:03 . 2011-11-04 19:20   55296              c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 12:03 . 2011-12-17 19:46   55296              c:\windows\system32\msfeedsbs.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   25600              c:\windows\system32\jsproxy.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   25600              c:\windows\system32\jsproxy.dll
+ 2012-02-16 00:46 . 2011-11-24 01:50   32888              c:\windows\system32\drivers\N360\0600010.002\srtspx.sys
- 2009-06-12 06:36 . 2011-11-04 19:20   12800              c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-12 06:36 . 2011-12-17 19:46   12800              c:\windows\system32\dllcache\xpshims.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   66560              c:\windows\system32\dllcache\mshtmled.dll
- 2007-10-10 23:55 . 2011-11-04 19:20   55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:55 . 2011-12-17 19:46   55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   43520              c:\windows\system32\dllcache\licmgr10.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   25600              c:\windows\system32\dllcache\jsproxy.dll
- 2008-01-28 05:48 . 2012-01-30 21:46   35088              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   35088              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   18704              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   18704              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   20240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   20240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   17304              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   35736              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   88992              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   94608              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   49064              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   17824              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   63912              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   64928              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   63384              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   12800              c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   66560              c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   55296              c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   43520              c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   25600              c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-16 03:03 . 2012-02-16 03:03   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 01:21 . 2012-02-16 01:21   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-16 01:19 . 2012-02-16 01:19   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-16 00:45 . 2011-11-03 02:03   4782              c:\windows\system32\drivers\N360\0600010.002\SymVTcer.dat
+ 2012-02-16 01:16 . 2012-02-16 01:16   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   105984              c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   105984              c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2012-02-16 01:17   466062              c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-01-03 23:18   466062              c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2011-11-04 19:20   206848              c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   206848              c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   611840              c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   611840              c:\windows\system32\mstime.dll
+ 2006-11-07 12:03 . 2011-12-17 19:46   602112              c:\windows\system32\msfeeds.dll
- 2006-11-07 12:03 . 2011-11-04 19:20   602112              c:\windows\system32\msfeeds.dll
+ 2012-02-16 02:34 . 2012-02-16 02:38   250016              c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
+ 2012-02-16 02:34 . 2012-02-16 02:38   335520              c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.dll
+ 2012-02-15 21:42 . 2012-02-15 21:42   224136              c:\windows\system32\javaws.exe
+ 2012-02-15 21:42 . 2012-02-15 21:42   173960              c:\windows\system32\javaw.exe
+ 2012-02-15 21:42 . 2012-02-15 21:42   173960              c:\windows\system32\java.exe
+ 2006-02-28 12:00 . 2011-12-17 19:46   184320              c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   184320              c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   387584              c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   387584              c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-12-16 12:23   174080              c:\windows\system32\ie4uinit.exe
- 2006-02-28 12:00 . 2011-11-04 11:24   174080              c:\windows\system32\ie4uinit.exe
+ 2008-01-23 17:37 . 2012-02-16 01:43   289296              c:\windows\system32\FNTCACHE.DAT
- 2008-01-23 17:37 . 2011-12-17 22:44   289296              c:\windows\system32\FNTCACHE.DAT
+ 2012-02-16 00:46 . 2011-11-17 03:37   345208              c:\windows\system32\drivers\N360\0600010.002\symtdiv.sys
+ 2012-02-16 00:46 . 2011-11-17 03:37   388216              c:\windows\system32\drivers\N360\0600010.002\symtdi.sys
+ 2012-02-16 00:46 . 2011-11-17 03:37   318584              c:\windows\system32\drivers\N360\0600010.002\symnets.sys
+ 2012-02-16 00:46 . 2011-11-24 02:23   905336              c:\windows\system32\drivers\N360\0600010.002\SymEFA.sys
+ 2012-02-16 00:46 . 2011-08-16 06:51   340088              c:\windows\system32\drivers\N360\0600010.002\SymDS.sys
+ 2012-02-16 00:46 . 2011-11-24 01:50   574584              c:\windows\system32\drivers\N360\0600010.002\srtsp.sys
+ 2012-02-16 00:46 . 2011-11-17 03:17   149624              c:\windows\system32\drivers\N360\0600010.002\Ironx86.sys
+ 2012-02-16 00:46 . 2011-11-04 23:59   132744              c:\windows\system32\drivers\N360\0600010.002\ccSetx86.sys
- 2006-02-28 12:00 . 2011-11-04 19:20   916992              c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   916992              c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   105984              c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   105984              c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   206848              c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   206848              c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   611840              c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   611840              c:\windows\system32\dllcache\mstime.dll
+ 2007-10-10 23:55 . 2011-12-17 19:46   602112              c:\windows\system32\dllcache\msfeeds.dll
- 2007-10-10 23:55 . 2011-11-04 19:20   602112              c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 06:36 . 2011-11-04 19:20   247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-12 06:36 . 2011-12-17 19:46   247808              c:\windows\system32\dllcache\ieproxy.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   184320              c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-06-08 18:17 . 2011-11-04 19:20   743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-08 18:17 . 2011-12-17 19:46   743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 11:24   174080              c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2011-12-16 12:23   174080              c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-02-15 21:46 . 2012-02-15 21:46   176128              c:\windows\Installer\c968f.msi
+ 2012-02-15 21:41 . 2012-02-15 21:41   938496              c:\windows\Installer\c967f.msi
- 2008-01-28 05:48 . 2012-01-30 21:46   888080              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   888080              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   272648              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   272648              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   922384              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   922384              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   845584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   845584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   217864              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   217864              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   249232              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   394136              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   103848              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   183696              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   104344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   937920              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   102808              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   755088              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   296344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   205720              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   916992              c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   105984              c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-16 01:32 . 2010-07-05 13:16   382840              c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-16 01:32 . 2010-07-05 13:15   231288              c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-16 01:32 . 2011-11-04 19:20   206848              c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   611840              c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   602112              c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   247808              c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   184320              c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   743424              c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   387584              c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-16 01:32 . 2011-11-04 11:24   174080              c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-16 03:02 . 2012-02-16 03:02   321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-16 01:32 . 2012-02-16 01:32   240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-16 01:32 . 2012-02-16 01:32   447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-16 03:07 . 2012-02-16 03:07   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-16 01:28 . 2012-02-16 01:28   208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-16 03:03 . 2012-02-16 03:03   135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-16 03:03 . 2012-02-16 03:03   633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-16 03:02 . 2012-02-16 03:02   256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-16 01:23 . 2012-02-16 01:23   258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-16 01:22 . 2012-02-16 01:22   224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-16 01:22 . 2012-02-16 01:22   368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-16 02:56 . 2012-02-16 02:56   386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 02:56 . 2012-02-16 02:56   410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-16 01:38 . 2012-02-16 01:38   842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   1212416              c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   1212416              c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   5979136              c:\windows\system32\mshtml.dll
+ 2006-10-17 02:57 . 2011-12-17 19:46   2000384              c:\windows\system32\iertutil.dll
- 2006-10-17 02:57 . 2011-11-04 19:20   2000384              c:\windows\system32\iertutil.dll
+ 2008-10-15 03:24 . 2012-01-12 16:53   1859968              c:\windows\system32\dllcache\win32k.sys
- 2006-02-28 12:00 . 2011-11-04 19:20   1212416              c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   1212416              c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   5979136              c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 23:55 . 2011-12-17 19:46   2000384              c:\windows\system32\dllcache\iertutil.dll
- 2007-10-10 23:55 . 2011-11-04 19:20   2000384              c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-25 18:39 . 2011-10-25 18:39   3186688              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-15 21:24 . 2012-02-15 21:24   2295808              c:\windows\Installer\1ed6dbb.msi
+ 2011-10-30 13:54 . 2011-10-30 13:54   2748416              c:\windows\Installer\11d44f.msp
+ 2012-02-03 06:13 . 2012-02-03 06:13   4988928              c:\windows\Installer\11d447.msp
- 2008-01-28 05:48 . 2012-01-30 21:46   1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-01-28 05:48 . 2012-01-30 21:45   1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   2215312              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   1189004              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 03:55 . 2011-06-06 03:55   6543768              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   1240992              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   1480600              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-02-16 01:32 . 2011-11-04 19:20   1212416              c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   5978112              c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   2000384              c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-16 01:19 . 2012-02-16 01:19   3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-16 01:32 . 2012-02-16 01:32   1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 01:18 . 2012-02-16 01:18   7953408              c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-16 01:31 . 2012-02-16 01:31   5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-16 03:07 . 2012-02-16 03:07   1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-16 03:07 . 2012-02-16 03:07   1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   2405888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-16 01:30 . 2012-02-16 01:30   1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-16 01:29 . 2012-02-16 01:29   1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-16 01:28 . 2012-02-16 01:28   1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   1116672              c:\windows\assembly\NativeImages_v2.0.50
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

JDBush61

Sorry! That file got cut off. Here is the remaining portion:

+ 2012-02-16 03:04 . 2012-02-16 03:04   1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-16 01:24 . 2012-02-16 01:24   6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-16 01:24 . 2012-02-16 01:24   2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-16 01:19 . 2012-02-16 01:19   1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 02:56 . 2012-02-16 02:56   1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   3186688              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   5246976              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5246976              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-02-01 05:31 . 2012-02-16 01:34   52550552              c:\windows\system32\MRT.exe
+ 2006-11-07 12:03 . 2011-12-18 05:46   11082240              c:\windows\system32\ieframe.dll
+ 2007-10-10 23:55 . 2011-12-18 05:46   11082240              c:\windows\system32\dllcache\ieframe.dll
+ 2012-01-03 17:44 . 2012-01-03 17:44   15929344              c:\windows\Installer\1ed6dbc.msp
+ 2011-06-06 03:55 . 2011-06-06 03:55   24731544              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   11081728              c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-16 01:30 . 2012-02-16 01:30   12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   11817472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-16 02:55 . 2012-02-16 02:55   17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-16 01:27 . 2012-02-16 01:27   10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-16 01:22 . 2012-02-16 01:22   14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-16 01:20 . 2012-02-16 01:20   12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-30 122940]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-11 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-1-23 184320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0600010.002\SymDS.sys [2/16/2012 9:46 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0600010.002\SymEFA.sys [2/16/2012 9:46 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20111201.001\BHDrvx86.sys [2/16/2012 9:46 AM 820344]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0600010.002\ccSetx86.sys [2/16/2012 9:46 AM 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 1:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 6:55 AM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0600010.002\Ironx86.sys [2/16/2012 9:46 AM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 8:38 AM 116608]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 9:00 PM 14336]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe [2/16/2012 9:46 AM 138248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 2:34 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20111130.012\IDSXpx86.sys [2/16/2012 9:46 AM 356280]
S2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/11/2012 9:07 PM 24064]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8F.tmp --> c:\windows\system32\8F.tmp [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:57]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{4A8F4CFB-E03B-4265-81DB-20389E914523}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = cache.kpu-m.ac.jp:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????W????Z?n??|?P???? ??4B?*Spammer*?hB? ????W?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.0.1.2\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8F.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
.
Completion time: 2012-02-16  12:18:06
ComboFix-quarantined-files.txt  2012-02-16 03:17
ComboFix2.txt  2012-02-14 19:34
.
Pre-Run: 13,504,593,920 bytes free
Post-Run: 13,461,102,592 bytes free
.
- - End Of File - - 8CA6E341CE18D014D46697013BECEDC6

JDBush61

Here is the Windows + R log that you requested (C:\Qoobox\Add-Remove Programs.txt). I hope that I performed this scan correctly.

Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Critical Update for Windows Media Player 11 (KB959772)
EndNote
GearDrvs
getPlus(R) for Adobe
Google Chrome
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup & Recovery Manager Pre-Load Module
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools 2.00 G1
HP Broadband Wireless Tour
HP Credential Manager for ProtectTools
HP ev2200 Driver Package
HP Help and Support
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP Quick Launch Buttons 6.00 H1
HP Smart Card Security for ProtectTools 5.00 D4
HP Update
HP User Guides 0015
HP Wireless Assistant 2.00 E1
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 7 Update 3
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Norton 360
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Recuva
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
SoundMAX
Speccy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol

Corrine

Hi, JDBush61.

How is your computer running now?  After your response, I will provide uninstall instructions for ComboFix.

Quote: However, was that second log a "ComboFix" log as well?
Yes, but as you can see, it was a log of installed programs.  I wanted to double-check that list.

Quote: Also, when I was running ComboFix.exe with the CFScript.txt file, the WinPatrol window popped up before the program had completely finished (before it had generated the log), and the WinPatrol message said:

! A change has been detected in your Internet Explorer Search Page.
Your new page is http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
If this is ok, then click Yes or press Enter,
Click No or press Esc and we'll restore your page to
http://www.google.com.

Not expecting the WinPatrol screen, and not knowing if ComboFix had generated the detected change, or not, I just clicked "No". Was that OK? WinPatrol popped up yesterday also when I was performing my first ComboFix scan, and asked me to make decisions that I did not feel informed enough to make. So that is maybe a problem.

This is where we start the education process of WinPatrol!

One of the areas that WinPatrol monitors is the home/start page.  If a program makes changes to that page, WinPatrol alerts you and gives you the option to prevent the change.  In the process of cleaning, ComboFix made the change to the "default" setting and WinPatrol provided the option to not make that change.

When we began this process you wrote:

Quote: However, being somewhat of a novice in all things "computer", I look at my Task Manager box and have no idea what startup programs can be/should be stopped. I basically use that laptop for web surfing, e-mails, and MSWord & PowerPoint programs (I'm an editor by trade), and I rarely use many of the other programs installed on that box. I would really love some advice as to how to go through that laptop and clean out all the fluff & clutter that may be taking up memory usage or causing slowdowns.

I am in the process of creating a more detailed tutorial in our WinPatrol forum since Start Up Programs: Remove, Add, Disable provides general information.



JDBush61

Hi Corrine, thanks for your reply.


How is your computer running now?  After your response, I will provide uninstall instructions for ComboFix.

>>> Well, I guess OK. However, it is still acting strange. For example, start up is slow, Microsoft IE loads slow, and when I click the red "x" (top right corner) to quit IE it sometimes quits slowly; i.e., the screen drags slowly from top to bottom as the program closes. Also, I can "hear" my hard disk running all the time, and it often sounds like it is "cycling up" (high RPMs) and then cycling down. As if some program is running in the background and controlling it. The laptop is a 2008 build (not so old), and I don't remember hearing the hard drive spinning all the time like I can now. That's one of the reasons I suspected malware or a virus/rootkit had taken control. Also, I don't understand what could be robbing all the RAM memory (only 10% available). My first computer was a MAC Performa that I purchased in '95. That box, although great for its day, is a dinosaur compared to my 2008 HP in terms of CPU and memory.

I thought to myself "Gee, is this laptop just getting tired, or dying a slow death?" Could be, I suppose.

By the way, this morning I ran a Norton 360 (version 6) "quick scan" out of habit, and it detected the ComboFix.exe as a "Trojan,ADH.2" and quarantined it. Thus, it disappeared from my desktop, which explains why it disappeared the first time as well, as I must have run Norton at that time as well. You mentioned that you were going to explain to me how to uninstall ComboFix, yet I think that my Norton activity has maybe messed that up? Looking forward to your next advice, and my sincere apologies if I'm repeatedly doing stupid novice things.

However, was that second log a "ComboFix" log as well?
Yes, but as you can see, it was a log of installed programs.  I wanted to double-check that list.


>>> I understand. What did you learn by checking that list? Anything of interest?


I am in the process of creating a more detailed tutorial in our WinPatrol forum since Start Up Programs: Remove, Add, Disable provides general information.

>>> I understand. So Corrine, where do we stand now? Did the logs show you that my laptop was infected in any way with malware/viruses/rootkits, etc.?

Corrine

Hi, JDBush61.

Indeed, I recall when I purchased a desktop with Windows XP and a 4 GB hard drive.  I (naively) thought that was the last computer I'd ever need.  Wow, 4 GB!  Little did I know or imagine what was in store.  Generally, the normal lifespan of a laptop is expected to be 4-5 years, less in business environments. 

No, I didn't see anything unusual in the list of installed programs. 

It took me longer than I expected, but I did finally finish the new tutorial: Reviewing Start-Up Programs

You indicated previously that the scans you ran did not show anything and I am not seeing signs of malware but that doesn't mean I didn't miss something in the logs.  So, let's get one more opinion.  Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
After we see the results, we'll take care of ComboFix.



JDBush61

Quote from: Corrine on February 17, 2012, 02:24:11 AM
Hi, JDBush61.

Indeed, I recall when I purchased a desktop with Windows XP and a 4 GB hard drive.  I (naively) thought that was the last computer I'd ever need.  Wow, 4 GB!  Little did I know or imagine what was in store.  Generally, the normal lifespan of a laptop is expected to be 4-5 years, less in business environments.

No, I didn't see anything unusual in the list of installed programs. 

It took me longer than I expected, but I did finally finish the new tutorial: Reviewing Start-Up Programs

Hi Corrine, please forgive this late reply. Got sidetracked over the weekend. Please know that I truly appreciate all the time you have spent on my behalf!


So yeah, me too. I thought this 2008 HP would be all I needed for a while, yet then again, I tend to stick with my current hardware/software too long before updating (I used that '95 MAC Performa for close to 10 years before finally getting rid of it). Now, my Sony Vaio laptop (Windows 7 64 bit, Intel i5, 300GB HD) is making this HP look like a dinosaur in many ways. Question: When you say "less in a business environment", is that purely due to work machines being "on" for many more hours of the day than a home computer?

I read your nice tutorial (thank you), and I will start looking into my startup programs. Something is still robbing/hogging the RAM, so I very much suspect that I may not have things configured correctly -- or, deeper problems. This box is still acting up and being somewhat temperamental. Slow page loads and closes (dragging), and other odd stuff. For example, I will click once, then nothing happens for a second or three, and then I "hear" two or three clicks, and then a page will open or a program will open after a multi-second hesitation. Hard drive still audibly loud and spinning (sometimes constantly, like now, and sometimes cycling up and down in rpms).

So, here is the ESET online scan log that you requested. Looking forward to your further advice (ComboFix uninstall, etc., etc.).

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=64fb5f9dc7730b4dbb4e6608855b379d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-18 12:36:43
# local_time=2012-02-18 09:36:43 (+0900, Tokyo Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 224351 224351 0 0
# compatibility_mode=3589 16777189 100 74 127974 80222604 0 0
# compatibility_mode=8192 67108863 100 0 962 962 0 0
# scanned=72266
# found=0
# cleaned=0
# scan_time=4896

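An added example, not part of the thread or of ESET's tooling: a small Python check that reads the `# key=value` lines of an ESET Online Scanner log like the one posted above and confirms that the run finished with the settings asked for in the scan instructions (threat removal off; archives, unwanted, unsafe and anti-stealth scanning on) and reported `found=0`. The function names, the mapping of log keys to the ticked options, and the rule that a new run starts at each `# version=` line are assumptions.

```python
import re

# Excerpt of the ESET Online Scanner log from the post above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-18 12:36:43
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 224351 224351 0 0
# compatibility_mode=3589 16777189 100 74 127974 80222604 0 0
# scanned=72266
# found=0
# cleaned=0
# scan_time=4896
"""

# Constructed variant: anti-stealth left off and two detections reported.
BAD_LOG = (SAMPLE_LOG
           .replace("antistealth_checked=true", "antistealth_checked=false")
           .replace("# found=0", "# found=2"))

# Assumed mapping of log keys to the options named in the scan instructions.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology enabled
}

LINE_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")


def parse_sessions(text):
    """Split a log into runs; each run maps key -> list of values (keys can repeat)."""
    sessions, current = [], None
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # banner lines without a leading "#"
        key, value = match.group(1), match.group(2).strip()
        if key == "version" or current is None:
            current = {}
            sessions.append(current)
        current.setdefault(key, []).append(value)
    return sessions


def review(session):
    """Return counters plus a list of reasons the run should not be read as clean."""
    problems = []

    def last(key):
        values = session.get(key)
        return values[-1] if values else None

    if last("end") != "finished":
        problems.append(f"scan did not finish (end={last('end')!r})")
    for key, want in EXPECTED_SETTINGS.items():
        if last(key) != want:
            problems.append(f"{key}={last(key)!r}, expected {want!r}")
    counts = {}
    for key in ("scanned", "found", "cleaned"):
        value = last(key)
        if value is None or not value.isdigit():
            problems.append(f"{key} missing or not a number ({value!r})")
            counts[key] = None
        else:
            counts[key] = int(value)
    if counts["found"]:
        problems.append(f"{counts['found']} detection(s) reported")
    return {"clean": not problems, "problems": problems, **counts}


if __name__ == "__main__":
    for number, session in enumerate(parse_sessions(SAMPLE_LOG + BAD_LOG), 1):
        print(number, review(session))
```

A truncated log (no `end=finished` line, or missing counters) is reported as a problem rather than read as a clean result.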

Corrine

JDBush61.

Confirmation by ESET that all looks good!  Please do the following to implement cleanup procedures and also to reset System Restore points:

First, restore ComboFix from Norton Quarantine, following the instructions at Managing Norton 360 Quarantine Items | Antivirus Support, selecting Restore & Exclude under Actions.
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


[Note: If this doesn't work, download ComboFix to your desktop again and then follow the uninstall instructions.]

Quote: Question: When you say "less in a business environment", is that purely due to work machines being "on" for many more hours of the day than a home computer?

Not only being "on" for 8-10 hours per day but also generally getting a heavier workout, not merely checking e-mail, surfing the web and handling a few Word or Power Point files. :)

As to the "sluggishness", keep in mind that your Sony Vaio laptop has 4 GB RAM compared to the HP with 503 MB.  RAM is not expensive (as illustrated by selecting the model of your HP laptop here and following the instructions at, for example, How to Add Memory to an HP Pavilion Notebook | eHow.com).  You could also take it to a reputable, local TechShop (no idea about what is available in Japan).  It really depends on how long you want to keep that laptop to justify any expense.  The end of extended support for Windows XP is April 8, 2014.

Another consideration is that the laptop may need a different kind of cleaning -- that is the ports or cooling vents may be clogged with dirt & dust.  Although canned air can be used, the only problem with that is spraying too with the canned air may result in liquid in the fan blades, causing them to seize.  (Do NOT use a vacuum cleaner as it can end up causing damage by sucking the dust and debris into fragile parts.)

Although ComboFix would have cleaned Temp Files, it wouldn't hurt to periodically run TFC (Temp File Cleaner) followed by Defragment of your hard drive.  The instructions for TFC:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
The instructions to defrag your computer:

  •   Open My Computer.
  •   Right-click the local disk volume that you want to defragment (i.e., C), and then click Properties.
  •   On the Tools tab, click Defragment Now.
  •   Click Defragment.
Please let me know if you have any questions.



JDBush61

Hi Corrine,

I actually encountered a little difficulty uninstalling ComboFix, yet I think that I was ultimately successful. First, I went to the Norton Quarantine and performed the Restore & Exclude. Once finished, the red & white ComboFix installer icon failed to reappear on my desktop, yet I did cut and paste ComboFix /Uninstall into the run box and clicked OK. A message popped up saying that the files (program?) could not be found. Next, I once again downloaded the file from BleepingComputer and the icon then appeared on the desktop. I tried the ComboFix /Uninstall once more, and again I got the pop-up window stating no file could be found. Realizing that the icon was an installer link, I then double-clicked the icon (wasn't sure what else to do) and ComboFix began to run and produce another log file. Hope that was OK (beads of sweat then developing on my forehead). I saved the log file to my desktop, and will post it if you would like to see it. Next, still concentrating on the uninstall, I once more pasted ComboFix /Uninstall into the run box, and this time "success"!... with a small pop-up window stating that it had successfully uninstalled.

I did not have time to download the TFC temp file cleaner and run it, yet I will do that and also defrag later today when I get home.

By the way, I opened WinPatrol and ran the log related to the start-up programs. A lot of info there. I opened the SYSTEMLOOKUP Startup List link that you provided, yet then began to get confused ( :wink:). I will do more reading.

Finally, do you have any more thoughts regarding making more RAM available? I did a little reading about virtual memory and pagefiles, and then got even more confused. That HP box has a "D" partition (around 3GB) for backup and recovery, and it is nearly 100% full. Is that normal? Is there a way to clean up that drive, or should it be just left alone?

- JDB