Jump to content

Malware and Hijack This stop after a few seconds: new person, same problem


Recommended Posts

I have the same problem as Kevin T a few posts down: whenever I install and run Malwarebytes, Hijack This, or any other malware tool, the scans run for a few seconds and then close, and I can no longer open the program. As per your instructions to Kevin, I ran ComboFix and got the following log:

ComboFix Beta_09-08-18.01 - David 08/20/2009 14:28.4.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1556 [GMT -7:00]

Running from: c:\documents and settings\David\Desktop\sVchost.com

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_kbiwkmdoykixma

-------\Legacy_kbiwkmdoykixma

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

2009-08-20 20:52 . 2009-08-20 20:53 -------- d-----w- c:\program files\asjfdsk3

2009-08-20 19:24 . 2009-08-20 19:24 -------- d-----w- c:\program files\asjfdsk2

2009-08-20 18:48 . 2009-08-20 18:48 -------- d-----w- c:\program files\asjfdsk

2009-08-20 18:07 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-08-20 18:07 . 2009-08-20 21:20 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP

2009-08-20 18:07 . 2009-04-03 17:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-08-20 18:07 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-08-20 18:07 . 2009-08-20 18:07 -------- d-----w- c:\program files\Common Files\PC Tools

2009-08-20 18:07 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-08-20 18:07 . 2009-08-20 20:19 -------- d-----w- c:\program files\Spyware Doctor

2009-08-20 18:07 . 2009-08-20 18:07 -------- d-----w- c:\documents and settings\David\Application Data\PC Tools

2009-08-20 18:07 . 2009-08-20 18:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools

2009-08-20 17:54 . 2009-08-20 17:54 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes

2009-08-20 17:54 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-20 17:54 . 2009-08-20 17:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes

2009-08-20 17:54 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-20 17:52 . 2009-08-20 18:39 -------- d-----w- c:\program files\Malwarebytes

2009-08-20 17:36 . 2009-08-20 17:41 -------- d-----w- c:\windows\system32\NtmsData

2009-08-20 05:14 . 2009-08-20 05:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2009-08-20 00:11 . 2009-08-20 00:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Blizzard Entertainment

2009-08-04 06:13 . 2009-08-04 06:13 -------- d-----w- c:\program files\iPod

2009-07-23 00:28 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-07-21 22:50 . 2009-07-21 22:50 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-07-21 22:50 . 2005-10-18 02:50 245376 ----a-w- c:\windows\system32\rt2500usb.sys

2009-07-21 22:50 . 2005-10-18 02:50 245376 ----a-w- c:\windows\system32\drivers\rt2500usb.sys

2009-07-21 22:50 . 2004-04-24 05:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys

2009-07-21 22:50 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys

2009-07-21 22:50 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll

2009-07-21 22:50 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys

2009-07-21 22:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys

2009-07-21 22:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys

2009-07-21 22:50 . 2009-07-21 22:50 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 20:52 . 2008-09-20 05:45 -------- d-----w- c:\program files\Firefox

2009-08-20 06:14 . 2008-09-24 02:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-20 06:14 . 2008-09-24 02:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-20 06:14 . 2008-09-24 02:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-20 05:24 . 2009-07-21 16:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2009-08-20 05:12 . 2009-07-21 16:59 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-20 00:11 . 2008-09-21 08:27 -------- d-----w- c:\program files\World of Warcraft

2009-08-18 00:58 . 2008-11-09 06:18 -------- d-----w- c:\program files\Steam

2009-08-15 06:04 . 2009-04-06 01:51 -------- d-----w- c:\documents and settings\David\Application Data\uTorrent

2009-08-12 19:13 . 2009-01-15 00:31 -------- d-----w- c:\program files\Logitech

2009-08-05 09:01 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 06:13 . 2008-09-23 07:03 -------- d-----w- c:\program files\Common Files\Apple

2009-07-31 22:41 . 2009-02-04 22:13 -------- d-----w- c:\documents and settings\David\Application Data\dvdcss

2009-07-21 22:50 . 2008-09-19 21:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-21 20:37 . 2009-07-21 20:37 -------- d-----w- c:\program files\Trend Micro

2009-07-21 20:35 . 2008-10-02 00:11 -------- d-----w- c:\documents and settings\David\Application Data\OpenOffice.org2

2009-07-21 20:28 . 2009-07-21 20:28 -------- d-----w- c:\program files\CCleaner

2009-07-19 05:29 . 2009-07-19 05:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles

2009-07-17 19:01 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-11 06:32 . 2009-07-11 06:32 -------- d-----w- c:\program files\Common Files\DirectX

2009-07-11 06:28 . 2009-07-11 06:28 -------- d-----w- c:\program files\Codemasters

2009-07-11 06:28 . 2009-07-11 06:28 -------- d-----w- c:\documents and settings\David\Application Data\InstallShield

2009-07-03 05:45 . 2008-10-21 05:42 -------- d-----w- c:\documents and settings\David\Application Data\mIRC

2009-06-29 16:12 . 2007-07-27 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-26 20:52 . 2009-06-26 20:43 157420 ----a-w- c:\windows\hpoins29.dat

2009-06-26 20:47 . 2009-02-12 01:01 -------- d-----w- c:\documents and settings\David\Application Data\HP

2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP Product Assistant

2009-06-26 20:44 . 2009-02-12 00:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP

2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\program files\Hewlett-Packard

2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\program files\Common Files\HP

2009-06-25 08:25 . 2007-07-27 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2007-07-27 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2007-07-27 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2007-07-27 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2007-07-27 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2007-07-27 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2007-07-27 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2007-07-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2007-07-27 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2007-07-27 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2008-09-19 20:27 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2007-07-27 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2007-07-27 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:09 . 2007-07-27 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-09-20 17:01 . 2008-09-20 17:01 1283912 -c--a-w- c:\program files\wowclient-downloader.exe

2008-09-20 16:07 . 2008-09-20 16:07 1038787 -c--a-w- c:\program files\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-07-21_16.49.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 02:41 . 2009-07-12 02:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll

- 2008-09-19 22:12 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe

+ 2008-09-19 22:12 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe

- 2007-07-27 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll

+ 2007-07-27 12:00 . 2009-08-08 17:37 71592 c:\windows\system32\perfc009.dat

- 2007-07-27 12:00 . 2003-04-20 04:49 71592 c:\windows\system32\perfc009.dat

- 2007-08-14 01:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-14 01:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-07-27 12:00 . 2008-04-14 00:11 56320 c:\windows\system32\logevent.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll

- 2007-08-14 01:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe

+ 2007-08-14 01:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe

- 2007-07-27 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll

+ 2007-07-27 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe

- 2007-07-27 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe

+ 2007-08-14 01:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll

- 2007-08-14 01:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll

+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll

+ 2007-07-27 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe

+ 2007-07-27 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe

- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll

+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2008-09-19 23:56 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-09-19 23:56 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2007-07-27 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys

- 2007-07-27 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2008-09-19 23:56 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2008-09-19 23:56 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2007-07-27 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2007-07-27 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2007-07-27 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-09-19 23:56 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll

+ 2008-09-19 23:56 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll

- 2007-07-27 12:00 . 2008-04-14 00:11 84992 c:\windows\system32\dllcache\avifil32.dll

+ 2007-07-27 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll

+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll

+ 2008-09-19 20:34 . 2009-08-20 19:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-19 20:34 . 2008-09-19 23:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-08-20 16:41 . 2009-08-20 17:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009082020090821\index.dat

+ 2008-09-19 20:34 . 2009-08-20 19:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-09-19 20:34 . 2008-09-19 23:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-08-20 16:41 . 2009-08-20 16:41 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT

- 2008-09-19 20:34 . 2008-09-19 23:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-09-19 20:34 . 2009-08-20 19:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-11-25 11:59 . 2008-11-25 11:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-07-30 00:23 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll

+ 2009-07-30 00:23 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe

+ 2009-07-30 00:23 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll

+ 2009-07-30 00:23 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe

+ 2009-07-30 00:23 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll

+ 2009-07-30 00:23 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-08-08 17:33 . 2009-08-08 17:33 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe

+ 2009-08-08 09:02 . 2009-08-08 09:02 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2009-08-08 19:49 . 2009-08-08 19:49 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2008-11-24 22:52 . 2009-08-12 08:24 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2009-02-27 00:07 . 2009-02-27 00:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-02-27 00:07 . 2009-02-27 00:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2008-09-06 06:29 . 2009-03-11 05:18 934792 c:\windows\system32\WgaTray.exe

+ 2008-09-06 06:30 . 2009-03-11 05:18 239496 c:\windows\system32\WgaLogon.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll

- 2007-07-27 12:00 . 2003-04-20 04:49 443062 c:\windows\system32\perfh009.dat

+ 2007-07-27 12:00 . 2009-08-08 17:37 443062 c:\windows\system32\perfh009.dat

+ 2007-07-27 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll

+ 2007-08-14 01:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll

- 2007-08-14 01:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll

- 2007-08-14 01:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll

+ 2007-08-14 01:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 19:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll

+ 2007-07-27 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll

- 2007-07-27 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll

+ 2007-07-27 12:00 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll

+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll

- 2008-06-23 15:09 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll

+ 2008-06-23 15:09 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll

+ 2008-09-06 06:29 . 2009-03-11 05:18 934792 c:\windows\system32\dllcache\WgaTray.exe

+ 2008-09-06 06:30 . 2009-03-11 05:18 239496 c:\windows\system32\dllcache\wgaLogon.dll

- 2007-08-14 01:54 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2007-08-14 01:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll

- 2007-08-14 01:44 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll

+ 2007-08-14 01:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll

+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll

- 2007-08-14 01:44 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll

+ 2007-08-14 01:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll

+ 2007-07-27 12:00 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll

+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-09-19 23:56 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll

- 2008-09-19 23:56 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-04-14 19:04 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll

+ 2008-09-19 20:28 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe

+ 2008-09-19 23:56 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll

- 2008-09-19 23:56 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-09-19 23:56 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2007-07-27 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2007-07-27 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2007-08-14 01:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll

- 2007-08-14 01:39 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll

- 2007-07-27 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

- 2008-07-25 19:17 . 2008-07-25 19:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2008-12-13 16:58 . 2008-12-13 16:58 754688 c:\windows\Installer\3d9c012.msp

+ 2009-07-30 00:23 . 2009-07-30 00:23 248832 c:\windows\Installer\119f480.msi

+ 2009-08-04 06:14 . 2009-08-04 06:14 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-11-24 22:52 . 2009-07-15 08:38 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-11-24 22:52 . 2009-08-12 08:24 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2003-07-15 11:18 . 2003-07-15 11:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ATP.DLL

+ 2009-01-18 23:05 . 2009-01-18 23:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll

+ 2009-07-30 00:23 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll

+ 2009-07-30 00:23 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe

+ 2009-07-30 00:23 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll

+ 2009-07-30 00:23 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe

+ 2009-07-30 00:23 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll

+ 2009-07-30 00:23 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2009-08-08 17:34 . 2009-08-08 17:34 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll

+ 2009-08-08 19:51 . 2009-08-08 19:51 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

+ 2009-08-08 19:49 . 2009-08-08 19:49 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2009-08-08 17:33 . 2009-08-08 17:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll

+ 2009-08-08 17:33 . 2009-08-08 17:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll

+ 2009-08-08 17:33 . 2009-08-08 17:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll

+ 2009-08-08 17:33 . 2009-08-08 17:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

+ 2009-08-08 19:49 . 2009-08-08 19:49 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

+ 2009-08-08 19:49 . 2009-08-08 19:49 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2009-02-27 00:09 . 2009-02-27 00:09 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2009-02-27 00:09 . 2009-02-27 00:09 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2009-02-27 00:09 . 2009-02-27 00:09 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2007-07-27 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll

+ 2007-07-27 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll

+ 2007-07-27 12:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll

+ 2008-03-21 01:06 . 2009-03-11 05:18 1482112 c:\windows\system32\LegitCheckControl.dll

+ 2007-08-14 01:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll

+ 2007-02-12 23:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat

+ 2008-06-26 08:15 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll

- 2008-06-26 08:15 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll

+ 2008-09-19 20:27 . 2009-06-10 16:19 2066432 c:\windows\system32\dllcache\mstscax.dll

+ 2008-09-19 20:28 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll

+ 2008-06-23 15:09 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll

+ 2008-09-19 23:56 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll

+ 2008-09-19 23:56 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat

+ 2008-12-06 02:35 . 2008-12-06 02:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

- 2008-07-30 03:16 . 2008-07-30 03:16 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2008-12-06 03:12 . 2008-12-06 03:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

- 2008-07-25 19:17 . 2008-07-25 19:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2008-11-25 11:59 . 2008-11-25 11:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2008-07-25 19:17 . 2008-07-25 19:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-06-21 01:15 . 2009-06-21 01:15 6653952 c:\windows\Installer\6c51249.msp

+ 2009-08-04 07:06 . 2009-08-04 07:06 1697792 c:\windows\Installer\6c51248.msp

+ 2009-08-04 06:14 . 2009-08-04 06:14 4945408 c:\windows\Installer\6928801.msi

+ 2009-08-04 06:12 . 2009-08-04 06:12 3295232 c:\windows\Installer\69284b1.msi

+ 2008-12-13 16:57 . 2008-12-13 16:57 8397824 c:\windows\Installer\3d9bffb.msp

+ 2009-08-05 09:11 . 2009-08-05 09:11 5518848 c:\windows\Installer\381089f.msp

+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\3810888.msp

+ 2007-05-10 21:45 . 2007-05-10 21:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL

+ 2007-03-14 21:10 . 2007-03-14 21:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL

+ 2008-12-18 23:48 . 2008-12-18 23:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll

+ 2009-07-30 00:23 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll

+ 2009-07-30 00:23 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll

+ 2009-07-30 00:23 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat

+ 2009-08-08 09:02 . 2009-08-08 09:02 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll

+ 2009-08-08 19:51 . 2009-08-08 19:51 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

+ 2009-08-08 19:51 . 2009-08-08 19:51 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

+ 2009-08-08 19:51 . 2009-08-08 19:51 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2009-02-27 00:09 . 2009-02-27 00:09 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2009-02-27 00:08 . 2009-02-27 00:08 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2009-02-27 00:08 . 2009-02-27 00:08 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2009-08-08 09:01 . 2009-08-08 09:01 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2009-02-27 00:07 . 2009-02-27 00:07 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2007-07-27 12:00 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll

+ 2008-09-19 23:43 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe

+ 2007-07-27 12:00 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll

+ 2008-12-13 17:21 . 2008-12-13 17:21 10473472 c:\windows\Installer\3d9c006.msp

+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\3810889.msp

+ 2009-02-27 23:37 . 2009-02-27 23:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll

+ 2009-08-08 19:50 . 2009-08-08 19:50 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

+ 2009-08-08 19:49 . 2009-08-08 19:49 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll

+ 2009-08-08 17:34 . 2009-08-08 17:34 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll

+ 2009-08-08 17:33 . 2009-08-08 17:33 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll

+ 2009-08-08 17:33 . 2009-08-08 17:33 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll

+ 2009-08-08 09:02 . 2009-08-08 09:02 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="e:\program files\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy 2\TeaTimer.exe" [2009-03-05 2260480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

"RivaTuner"="e:\program files\Rivatuner\RivaTuner.exe" [2009-02-25 2781184]

"RivaTunerStartupDaemon"="e:\program files\Rivatuner\RivaTuner.exe" [2009-02-25 2781184]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-20 06:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\wowclient-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=

"e:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"e:\\mIRC\\mirc.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Games\\Puzzlegeddon\\Puzzlegeddon Demo\\Puzzlegeddon.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"e:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\the last remnant\\Binaries\\TLR.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Firefox\\firefox.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\the witcher enhanced edition\\System\\witcher.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/20/2009 11:07 AM 130936]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/23/2008 7:26 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/23/2008 7:26 PM 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/23/2008 7:26 PM 297752]

R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [7/21/2009 3:50 PM 53307]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/23/2008 7:26 PM 908056]

S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/20/2009 11:07 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\docume~1\David\APPLIC~1\Mozilla\Firefox\Profiles\07hr8jzj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\07hr8jzj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\Firefox\plugins\NPAskSBr.dll

FF - plugin: e:\program files\Codecs\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: e:\program files\Codecs\Real Alternative\browser\plugins\nprpjplug.dll

FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 14:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\

Link to post
Share on other sites

  • Staff

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Regnull::

[HKEY_USERS\S-1-5-21-1275210071-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\

Link to post
Share on other sites

I did as instructed. Here is the combofix log. I notice it seems to be investigating the asjfdsk directories, and it might help you to know that those directories hold various installations of Malwarebytes that I renamed random strings in an attempt (sadly unsuccessful) at thwarting the spyware infestation on my computer.

ComboFix 09-08-22.06 - David 08/23/2009 21:00.5.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1634 [GMT -7:00]

Running from: c:\documents and settings\David\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))

.

2009-08-20 20:52 . 2009-08-20 20:53 -------- d-----w- c:\program files\asjfdsk3

2009-08-20 19:24 . 2009-08-20 19:24 -------- d-----w- c:\program files\asjfdsk2

2009-08-20 18:48 . 2009-08-20 18:48 -------- d-----w- c:\program files\asjfdsk

2009-08-20 18:07 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-08-20 18:07 . 2009-08-20 21:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-20 18:07 . 2009-04-03 17:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-08-20 18:07 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-08-20 18:07 . 2009-08-20 18:07 -------- d-----w- c:\program files\Common Files\PC Tools

2009-08-20 18:07 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-08-20 18:07 . 2009-08-20 20:19 -------- d-----w- c:\program files\Spyware Doctor

2009-08-20 18:07 . 2009-08-20 18:07 -------- d-----w- c:\documents and settings\David\Application Data\PC Tools

2009-08-20 18:07 . 2009-08-20 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-08-20 17:54 . 2009-08-20 17:54 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes

2009-08-20 17:54 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-20 17:54 . 2009-08-20 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-20 17:54 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-20 17:52 . 2009-08-20 18:39 -------- d-----w- c:\program files\Malwarebytes

2009-08-20 17:36 . 2009-08-20 17:41 -------- d-----w- c:\windows\system32\NtmsData

2009-08-20 05:14 . 2009-08-20 05:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2009-08-20 00:11 . 2009-08-20 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2009-08-04 06:13 . 2009-08-04 06:13 -------- d-----w- c:\program files\iPod

2009-08-04 06:08 . 2009-08-04 06:08 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 00:53 . 2008-09-20 05:45 -------- d-----w- c:\program files\Firefox

2009-08-23 00:41 . 2009-04-06 01:51 -------- d-----w- c:\documents and settings\David\Application Data\uTorrent

2009-08-20 06:14 . 2008-09-24 02:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-20 06:14 . 2008-09-24 02:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-20 06:14 . 2008-09-24 02:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-20 05:24 . 2009-07-21 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-20 05:12 . 2009-07-21 16:59 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-20 00:11 . 2008-09-21 08:27 -------- d-----w- c:\program files\World of Warcraft

2009-08-18 00:58 . 2008-11-09 06:18 -------- d-----w- c:\program files\Steam

2009-08-12 19:13 . 2009-01-15 00:31 -------- d-----w- c:\program files\Logitech

2009-08-05 09:01 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 06:13 . 2008-09-23 07:03 -------- d-----w- c:\program files\Common Files\Apple

2009-07-31 22:41 . 2009-02-04 22:13 -------- d-----w- c:\documents and settings\David\Application Data\dvdcss

2009-07-21 22:50 . 2009-07-21 22:50 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-07-21 22:50 . 2009-07-21 22:50 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor

2009-07-21 22:50 . 2008-09-19 21:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-21 20:37 . 2009-07-21 20:37 -------- d-----w- c:\program files\Trend Micro

2009-07-21 20:35 . 2008-10-02 00:11 -------- d-----w- c:\documents and settings\David\Application Data\OpenOffice.org2

2009-07-21 20:28 . 2009-07-21 20:28 -------- d-----w- c:\program files\CCleaner

2009-07-19 05:29 . 2009-07-19 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2009-07-17 19:01 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-11 06:32 . 2009-07-11 06:32 -------- d-----w- c:\program files\Common Files\DirectX

2009-07-11 06:28 . 2009-07-11 06:28 -------- d-----w- c:\program files\Codemasters

2009-07-11 06:28 . 2009-07-11 06:28 -------- d-----w- c:\documents and settings\David\Application Data\InstallShield

2009-07-03 05:45 . 2008-10-21 05:42 -------- d-----w- c:\documents and settings\David\Application Data\mIRC

2009-06-29 16:12 . 2007-07-27 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-26 20:52 . 2009-06-26 20:43 157420 ----a-w- c:\windows\hpoins29.dat

2009-06-26 20:47 . 2009-02-12 01:01 -------- d-----w- c:\documents and settings\David\Application Data\HP

2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2009-06-26 20:44 . 2009-02-12 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\program files\Hewlett-Packard

2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\program files\Common Files\HP

2009-06-25 08:25 . 2007-07-27 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2007-07-27 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2007-07-27 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2007-07-27 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2007-07-27 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2007-07-27 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2007-07-27 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2007-07-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2007-07-27 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2007-07-27 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2008-09-19 20:27 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2007-07-27 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2007-07-27 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:09 . 2007-07-27 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-09-20 17:01 . 2008-09-20 17:01 1283912 -c--a-w- c:\program files\wowclient-downloader.exe

2008-09-20 16:07 . 2008-09-20 16:07 1038787 -c--a-w- c:\program files\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\program files\asjfdsk ----

2009-08-20 18:48 . 2009-08-20 18:48 10498 ----a-w- c:\program files\asjfdsk\unins000.msg

2009-08-20 18:48 . 2009-08-03 20:36 232720 ----a-w- c:\program files\asjfdsk\mbamservice.exe

2009-08-20 18:48 . 2009-08-03 20:36 419088 ----a-w- c:\program files\asjfdsk\mbamgui.exe

2009-08-20 18:48 . 2009-08-03 20:36 46352 ----a-w- c:\program files\asjfdsk\ssubtmr6.dll

2009-08-20 18:48 . 2009-08-03 20:36 496912 ----a-w- c:\program files\asjfdsk\vbalsgrid6.ocx

2009-08-20 18:48 . 2009-08-03 20:36 70928 ----a-w- c:\program files\asjfdsk\mbamext.dll

2009-08-20 18:48 . 2009-08-03 20:36 79632 ----a-w- c:\program files\asjfdsk\zlib.dll

2009-08-20 18:48 . 2009-08-03 20:36 1295632 ----a-w- c:\program files\asjfdsk\mbam.exe

2009-08-20 18:48 . 2008-11-10 00:19 12175 ----a-w- c:\program files\asjfdsk\Languages\swedish.lng

2009-08-20 18:48 . 2009-04-15 12:00 13808 ----a-w- c:\program files\asjfdsk\Languages\turkish.lng

2009-08-20 18:48 . 2008-11-01 00:54 13097 ----a-w- c:\program files\asjfdsk\Languages\ukrainian.lng

2009-08-20 18:48 . 2009-06-10 20:39 11593 ----a-w- c:\program files\asjfdsk\Languages\norwegian.lng

2009-08-20 18:48 . 2009-01-11 07:56 11623 ----a-w- c:\program files\asjfdsk\Languages\polish.lng

2009-08-20 18:48 . 2008-03-05 02:56 12245 ----a-w- c:\program files\asjfdsk\Languages\portugueseBR.lng

2009-08-20 18:48 . 2008-06-15 20:04 12345 ----a-w- c:\program files\asjfdsk\Languages\portuguesePT.lng

2009-08-20 18:48 . 2008-03-14 02:09 12672 ----a-w- c:\program files\asjfdsk\Languages\romanian.lng

2009-08-20 18:48 . 2008-07-04 07:58 11779 ----a-w- c:\program files\asjfdsk\Languages\russian.lng

2009-08-20 18:48 . 2008-03-03 13:03 12114 ----a-w- c:\program files\asjfdsk\Languages\serbian.lng

2009-08-20 18:48 . 2008-07-26 16:58 11599 ----a-w- c:\program files\asjfdsk\Languages\slovak.lng

2009-08-20 18:48 . 2008-03-04 06:28 11205 ----a-w- c:\program files\asjfdsk\Languages\slovenian.lng

2009-08-20 18:48 . 2008-07-11 21:26 12876 ----a-w- c:\program files\asjfdsk\Languages\spanish.lng

2009-08-20 18:48 . 2008-03-04 00:39 12048 ----a-w- c:\program files\asjfdsk\Languages\hungarian.lng

2009-08-20 18:48 . 2008-03-05 03:03 13019 ----a-w- c:\program files\asjfdsk\Languages\italian.lng

2009-08-20 18:48 . 2009-07-24 02:46 9269 ----a-w- c:\program files\asjfdsk\Languages\korean.lng

2009-08-20 18:48 . 2008-12-19 23:30 11457 ----a-w- c:\program files\asjfdsk\Languages\latvian.lng

2009-08-20 18:48 . 2008-09-11 05:29 13314 ----a-w- c:\program files\asjfdsk\Languages\macedonian.lng

2009-08-20 18:48 . 2009-02-18 03:27 11893 ----a-w- c:\program files\asjfdsk\Languages\danish.lng

2009-08-20 18:48 . 2008-03-05 02:56 12255 ----a-w- c:\program files\asjfdsk\Languages\dutch.lng

2009-08-20 18:48 . 2008-03-03 02:33 11232 ----a-w- c:\program files\asjfdsk\Languages\english.lng

2009-08-20 18:48 . 2009-07-31 16:20 11213 ----a-w- c:\program files\asjfdsk\Languages\estonian.lng

2009-08-20 18:48 . 2008-05-17 17:09 11624 ----a-w- c:\program files\asjfdsk\Languages\finnish.lng

2009-08-20 18:48 . 2008-03-05 02:57 13353 ----a-w- c:\program files\asjfdsk\Languages\french.lng

2009-08-20 18:48 . 2008-10-06 05:25 13557 ----a-w- c:\program files\asjfdsk\Languages\german.lng

2009-08-20 18:48 . 2008-10-07 22:15 13234 ----a-w- c:\program files\asjfdsk\Languages\greek.lng

2009-08-20 18:48 . 2009-01-17 03:08 12533 ----a-w- c:\program files\asjfdsk\Languages\bulgarian.lng

2009-08-20 18:48 . 2008-03-05 03:05 12595 ----a-w- c:\program files\asjfdsk\Languages\catalan.lng

2009-08-20 18:48 . 2008-08-01 16:03 8045 ----a-w- c:\program files\asjfdsk\Languages\chineseSI.lng

2009-08-20 18:48 . 2008-08-04 19:58 8141 ----a-w- c:\program files\asjfdsk\Languages\chineseTR.lng

2009-08-20 18:48 . 2008-12-27 23:41 11977 ----a-w- c:\program files\asjfdsk\Languages\croatian.lng

2009-08-20 18:48 . 2008-06-25 06:49 11551 ----a-w- c:\program files\asjfdsk\Languages\czech.lng

2009-08-20 18:48 . 2008-07-03 17:10 13924 ----a-w- c:\program files\asjfdsk\Languages\albanian.lng

2009-08-20 18:48 . 2009-04-10 07:53 10331 ----a-w- c:\program files\asjfdsk\Languages\arabic.lng

2009-08-20 18:48 . 2009-08-01 23:14 12636 ----a-w- c:\program files\asjfdsk\Languages\bosnian.lng

2009-08-20 18:48 . 2009-08-03 20:36 381712 ----a-w- c:\program files\asjfdsk\mbam-dor.exe

2009-08-20 18:48 . 2009-08-01 22:26 15942 ----a-w- c:\program files\asjfdsk\changes.rtf

2009-08-20 18:48 . 2009-01-05 02:31 4124 ----a-w- c:\program files\asjfdsk\license.txt

2009-08-20 18:48 . 2009-08-03 20:36 91408 ----a-w- c:\program files\asjfdsk\mbam.dll

2009-08-20 18:48 . 2009-07-30 22:27 59015 ----a-w- c:\program files\asjfdsk\mbam.chm

2009-08-20 18:48 . 2009-08-20 18:47 692496 ----a-w- c:\program files\asjfdsk\unins000.exe

2009-08-20 18:48 . 2009-08-20 18:48 8585 ----a-w- c:\program files\asjfdsk\unins000.dat

---- Directory of c:\program files\asjfdsk2 ----

2009-08-20 19:24 . 2009-08-20 19:24 10498 ----a-w- c:\program files\asjfdsk2\unins000.msg

2009-08-20 19:24 . 2009-08-03 20:36 232720 ----a-w- c:\program files\asjfdsk2\mbamservice.exe

2009-08-20 19:24 . 2009-08-03 20:36 419088 ----a-w- c:\program files\asjfdsk2\mbamgui.exe

2009-08-20 19:24 . 2009-08-03 20:36 46352 ----a-w- c:\program files\asjfdsk2\ssubtmr6.dll

2009-08-20 19:24 . 2009-08-03 20:36 496912 ----a-w- c:\program files\asjfdsk2\vbalsgrid6.ocx

2009-08-20 19:24 . 2009-08-03 20:36 70928 ----a-w- c:\program files\asjfdsk2\mbamext.dll

2009-08-20 19:24 . 2009-08-03 20:36 79632 ----a-w- c:\program files\asjfdsk2\zlib.dll

2009-08-20 19:24 . 2009-08-03 20:36 1295632 ----a-w- c:\program files\asjfdsk2\notanything.exe

2009-08-20 19:24 . 2008-07-11 21:26 12876 ----a-w- c:\program files\asjfdsk2\Languages\spanish.lng

2009-08-20 19:24 . 2008-11-10 00:19 12175 ----a-w- c:\program files\asjfdsk2\Languages\swedish.lng

2009-08-20 19:24 . 2009-04-15 12:00 13808 ----a-w- c:\program files\asjfdsk2\Languages\turkish.lng

2009-08-20 19:24 . 2008-11-01 00:54 13097 ----a-w- c:\program files\asjfdsk2\Languages\ukrainian.lng

2009-08-20 19:24 . 2008-09-11 05:29 13314 ----a-w- c:\program files\asjfdsk2\Languages\macedonian.lng

2009-08-20 19:24 . 2009-06-10 20:39 11593 ----a-w- c:\program files\asjfdsk2\Languages\norwegian.lng

2009-08-20 19:24 . 2009-01-11 07:56 11623 ----a-w- c:\program files\asjfdsk2\Languages\polish.lng

2009-08-20 19:24 . 2008-03-05 02:56 12245 ----a-w- c:\program files\asjfdsk2\Languages\portugueseBR.lng

2009-08-20 19:24 . 2008-06-15 20:04 12345 ----a-w- c:\program files\asjfdsk2\Languages\portuguesePT.lng

2009-08-20 19:24 . 2008-03-14 02:09 12672 ----a-w- c:\program files\asjfdsk2\Languages\romanian.lng

2009-08-20 19:24 . 2008-07-04 07:58 11779 ----a-w- c:\program files\asjfdsk2\Languages\russian.lng

2009-08-20 19:24 . 2008-03-03 13:03 12114 ----a-w- c:\program files\asjfdsk2\Languages\serbian.lng

2009-08-20 19:24 . 2008-07-26 16:58 11599 ----a-w- c:\program files\asjfdsk2\Languages\slovak.lng

2009-08-20 19:24 . 2008-03-04 06:28 11205 ----a-w- c:\program files\asjfdsk2\Languages\slovenian.lng

2009-08-20 19:24 . 2008-03-03 02:33 11232 ----a-w- c:\program files\asjfdsk2\Languages\english.lng

2009-08-20 19:24 . 2009-07-31 16:20 11213 ----a-w- c:\program files\asjfdsk2\Languages\estonian.lng

2009-08-20 19:24 . 2008-05-17 17:09 11624 ----a-w- c:\program files\asjfdsk2\Languages\finnish.lng

2009-08-20 19:24 . 2008-03-05 02:57 13353 ----a-w- c:\program files\asjfdsk2\Languages\french.lng

2009-08-20 19:24 . 2008-10-06 05:25 13557 ----a-w- c:\program files\asjfdsk2\Languages\german.lng

2009-08-20 19:24 . 2008-10-07 22:15 13234 ----a-w- c:\program files\asjfdsk2\Languages\greek.lng

2009-08-20 19:24 . 2008-03-04 00:39 12048 ----a-w- c:\program files\asjfdsk2\Languages\hungarian.lng

2009-08-20 19:24 . 2008-03-05 03:03 13019 ----a-w- c:\program files\asjfdsk2\Languages\italian.lng

2009-08-20 19:24 . 2009-07-24 02:46 9269 ----a-w- c:\program files\asjfdsk2\Languages\korean.lng

2009-08-20 19:24 . 2008-12-19 23:30 11457 ----a-w- c:\program files\asjfdsk2\Languages\latvian.lng

2009-08-20 19:24 . 2009-08-01 23:14 12636 ----a-w- c:\program files\asjfdsk2\Languages\bosnian.lng

2009-08-20 19:24 . 2009-01-17 03:08 12533 ----a-w- c:\program files\asjfdsk2\Languages\bulgarian.lng

2009-08-20 19:24 . 2008-03-05 03:05 12595 ----a-w- c:\program files\asjfdsk2\Languages\catalan.lng

2009-08-20 19:24 . 2008-08-01 16:03 8045 ----a-w- c:\program files\asjfdsk2\Languages\chineseSI.lng

2009-08-20 19:24 . 2008-08-04 19:58 8141 ----a-w- c:\program files\asjfdsk2\Languages\chineseTR.lng

2009-08-20 19:24 . 2008-12-27 23:41 11977 ----a-w- c:\program files\asjfdsk2\Languages\croatian.lng

2009-08-20 19:24 . 2008-06-25 06:49 11551 ----a-w- c:\program files\asjfdsk2\Languages\czech.lng

2009-08-20 19:24 . 2009-02-18 03:27 11893 ----a-w- c:\program files\asjfdsk2\Languages\danish.lng

2009-08-20 19:24 . 2008-03-05 02:56 12255 ----a-w- c:\program files\asjfdsk2\Languages\dutch.lng

2009-08-20 19:24 . 2008-07-03 17:10 13924 ----a-w- c:\program files\asjfdsk2\Languages\albanian.lng

2009-08-20 19:24 . 2009-04-10 07:53 10331 ----a-w- c:\program files\asjfdsk2\Languages\arabic.lng

2009-08-20 19:24 . 2009-08-03 20:36 381712 ----a-w- c:\program files\asjfdsk2\mbam-dor.exe

2009-08-20 19:24 . 2009-08-01 22:26 15942 ----a-w- c:\program files\asjfdsk2\changes.rtf

2009-08-20 19:24 . 2009-01-05 02:31 4124 ----a-w- c:\program files\asjfdsk2\license.txt

2009-08-20 19:24 . 2009-07-30 22:27 59015 ----a-w- c:\program files\asjfdsk2\mbam.chm

2009-08-20 19:24 . 2009-08-03 20:36 91408 ----a-w- c:\program files\asjfdsk2\mbam.dll

2009-08-20 19:24 . 2009-08-20 19:24 8652 ----a-w- c:\program files\asjfdsk2\unins000.dat

2009-08-20 19:24 . 2009-08-20 19:23 692496 ----a-w- c:\program files\asjfdsk2\unins000.exe

---- Directory of c:\program files\asjfdsk3 ----

2009-08-20 20:52 . 2009-08-20 20:52 10498 ----a-w- c:\program files\asjfdsk3\unins000.msg

2009-08-20 20:52 . 2009-08-03 20:36 232720 ----a-w- c:\program files\asjfdsk3\mbamservice.exe

2009-08-20 20:52 . 2009-08-03 20:36 419088 ----a-w- c:\program files\asjfdsk3\mbamgui.exe

2009-08-20 20:52 . 2009-08-03 20:36 46352 ----a-w- c:\program files\asjfdsk3\ssubtmr6.dll

2009-08-20 20:52 . 2009-08-03 20:36 496912 ----a-w- c:\program files\asjfdsk3\vbalsgrid6.ocx

2009-08-20 20:52 . 2009-08-03 20:36 70928 ----a-w- c:\program files\asjfdsk3\mbamext.dll

2009-08-20 20:52 . 2009-08-03 20:36 79632 ----a-w- c:\program files\asjfdsk3\zlib.dll

2009-08-20 20:52 . 2009-08-03 20:36 1295632 ----a-w- c:\program files\asjfdsk3\asdfsdfs.exe

2009-08-20 20:52 . 2008-03-04 06:28 11205 ----a-w- c:\program files\asjfdsk3\Languages\slovenian.lng

2009-08-20 20:52 . 2008-07-11 21:26 12876 ----a-w- c:\program files\asjfdsk3\Languages\spanish.lng

2009-08-20 20:52 . 2008-11-10 00:19 12175 ----a-w- c:\program files\asjfdsk3\Languages\swedish.lng

2009-08-20 20:52 . 2009-04-15 12:00 13808 ----a-w- c:\program files\asjfdsk3\Languages\turkish.lng

2009-08-20 20:52 . 2008-11-01 00:54 13097 ----a-w- c:\program files\asjfdsk3\Languages\ukrainian.lng

2009-08-20 20:52 . 2009-01-11 07:56 11623 ----a-w- c:\program files\asjfdsk3\Languages\polish.lng

2009-08-20 20:52 . 2008-03-05 02:56 12245 ----a-w- c:\program files\asjfdsk3\Languages\portugueseBR.lng

2009-08-20 20:52 . 2008-06-15 20:04 12345 ----a-w- c:\program files\asjfdsk3\Languages\portuguesePT.lng

2009-08-20 20:52 . 2008-03-14 02:09 12672 ----a-w- c:\program files\asjfdsk3\Languages\romanian.lng

2009-08-20 20:52 . 2008-07-04 07:58 11779 ----a-w- c:\program files\asjfdsk3\Languages\russian.lng

2009-08-20 20:52 . 2008-03-03 13:03 12114 ----a-w- c:\program files\asjfdsk3\Languages\serbian.lng

2009-08-20 20:52 . 2008-07-26 16:58 11599 ----a-w- c:\program files\asjfdsk3\Languages\slovak.lng

2009-08-20 20:52 . 2008-10-07 22:15 13234 ----a-w- c:\program files\asjfdsk3\Languages\greek.lng

2009-08-20 20:52 . 2008-03-04 00:39 12048 ----a-w- c:\program files\asjfdsk3\Languages\hungarian.lng

2009-08-20 20:52 . 2008-03-05 03:03 13019 ----a-w- c:\program files\asjfdsk3\Languages\italian.lng

2009-08-20 20:52 . 2009-07-24 02:46 9269 ----a-w- c:\program files\asjfdsk3\Languages\korean.lng

2009-08-20 20:52 . 2008-12-19 23:30 11457 ----a-w- c:\program files\asjfdsk3\Languages\latvian.lng

2009-08-20 20:52 . 2008-09-11 05:29 13314 ----a-w- c:\program files\asjfdsk3\Languages\macedonian.lng

2009-08-20 20:52 . 2009-06-10 20:39 11593 ----a-w- c:\program files\asjfdsk3\Languages\norwegian.lng

2009-08-20 20:52 . 2009-02-18 03:27 11893 ----a-w- c:\program files\asjfdsk3\Languages\danish.lng

2009-08-20 20:52 . 2008-03-05 02:56 12255 ----a-w- c:\program files\asjfdsk3\Languages\dutch.lng

2009-08-20 20:52 . 2008-03-03 02:33 11232 ----a-w- c:\program files\asjfdsk3\Languages\english.lng

2009-08-20 20:52 . 2009-07-31 16:20 11213 ----a-w- c:\program files\asjfdsk3\Languages\estonian.lng

2009-08-20 20:52 . 2008-05-17 17:09 11624 ----a-w- c:\program files\asjfdsk3\Languages\finnish.lng

2009-08-20 20:52 . 2008-03-05 02:57 13353 ----a-w- c:\program files\asjfdsk3\Languages\french.lng

2009-08-20 20:52 . 2008-10-06 05:25 13557 ----a-w- c:\program files\asjfdsk3\Languages\german.lng

2009-08-20 20:52 . 2009-08-01 23:14 12636 ----a-w- c:\program files\asjfdsk3\Languages\bosnian.lng

2009-08-20 20:52 . 2009-01-17 03:08 12533 ----a-w- c:\program files\asjfdsk3\Languages\bulgarian.lng

2009-08-20 20:52 . 2008-03-05 03:05 12595 ----a-w- c:\program files\asjfdsk3\Languages\catalan.lng

2009-08-20 20:52 . 2008-08-01 16:03 8045 ----a-w- c:\program files\asjfdsk3\Languages\chineseSI.lng

2009-08-20 20:52 . 2008-08-04 19:58 8141 ----a-w- c:\program files\asjfdsk3\Languages\chineseTR.lng

2009-08-20 20:52 . 2008-12-27 23:41 11977 ----a-w- c:\program files\asjfdsk3\Languages\croatian.lng

2009-08-20 20:52 . 2008-06-25 06:49 11551 ----a-w- c:\program files\asjfdsk3\Languages\czech.lng

2009-08-20 20:52 . 2008-07-03 17:10 13924 ----a-w- c:\program files\asjfdsk3\Languages\albanian.lng

2009-08-20 20:52 . 2009-04-10 07:53 10331 ----a-w- c:\program files\asjfdsk3\Languages\arabic.lng

2009-08-20 20:52 . 2009-08-03 20:36 381712 ----a-w- c:\program files\asjfdsk3\mbam-dor.exe

2009-08-20 20:52 . 2009-08-01 22:26 15942 ----a-w- c:\program files\asjfdsk3\changes.rtf

2009-08-20 20:52 . 2009-01-05 02:31 4124 ----a-w- c:\program files\asjfdsk3\license.txt

2009-08-20 20:52 . 2009-08-03 20:36 91408 ----a-w- c:\program files\asjfdsk3\mbam.dll

2009-08-20 20:52 . 2009-07-30 22:27 59015 ----a-w- c:\program files\asjfdsk3\mbam.chm

2009-08-20 20:52 . 2009-08-20 20:52 8652 ----a-w- c:\program files\asjfdsk3\unins000.dat

2009-08-20 20:52 . 2009-08-20 20:52 692496 ----a-w- c:\program files\asjfdsk3\unins000.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="e:\program files\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy 2\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

"RivaTuner"="e:\program files\Rivatuner\RivaTuner.exe" [2009-02-25 2781184]

"RivaTunerStartupDaemon"="e:\program files\Rivatuner\RivaTuner.exe" [2009-02-25 2781184]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-20 06:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\wowclient-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=

"e:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"e:\\mIRC\\mirc.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Games\\Puzzlegeddon\\Puzzlegeddon Demo\\Puzzlegeddon.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"e:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\the last remnant\\Binaries\\TLR.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Firefox\\firefox.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\the witcher enhanced edition\\System\\witcher.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/20/2009 11:07 AM 130936]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/23/2008 7:26 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/23/2008 7:26 PM 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/23/2008 7:26 PM 297752]

R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [7/21/2009 3:50 PM 53307]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/23/2008 7:26 PM 908056]

S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/20/2009 11:07 AM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\07hr8jzj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\07hr8jzj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\Firefox\plugins\NPAskSBr.dll

FF - plugin: e:\program files\Codecs\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: e:\program files\Codecs\Real Alternative\browser\plugins\nprpjplug.dll

FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 21:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\

Link to post
Share on other sites

  • Staff

Hi,

That was me telling ComboFix to poke into the folders you made. Just wanted to be sure. :lol:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Link to post
Share on other sites

Um, sorry, I think I messed it up. I ran it once, then remembered I had forgotten to disable my AVG antivirus software again. When I disabled AVG and ran it again, it overwrote the long log file it created the first time and simply printed:

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Which is probably not much help. Any advice?

Link to post
Share on other sites

  • Staff

Don't worry. It was just a precaution.

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

Here's the F-secure log:

Scanning Report

Monday, August 24, 2009 15:21:05 - 15:44:20

Computer name: AMELIA

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ E:\

13 malware found

TrackingCookie.2o7 (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Clickbank (spyware)

* System (Disinfected)

TrackingCookie.Zanox (spyware)

* System (Disinfected)

TrackingCookie.Adrevolver (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Statcounter (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Statistics

Scanned:

* Files: 45606

* System: 3459

* Not scanned: 17

Actions:

* Disinfected: 13

* Renamed: 0

* Deleted: 0

* Not cleaned: 0

* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

* C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 2\SPYBOTSD.EXE

* C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE

* C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE3\MBAM.EXE

* C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE2\MBAM.EXE

* C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAM.EXE

* C:\PROGRAM FILES\AVG\AVG8\AVGCSRVX.EXE

* C:\PROGRAM FILES\ASJFDSK3\ASDFSDFS.EXE

* C:\PROGRAM FILES\ASJFDSK2\NOTANYTHING.EXE

* C:\PROGRAM FILES\ASJFDSK\MBAM.EXE

* C:\DOCUMENTS AND SETTINGS\DAVID\LOCAL SETTINGS\TEMP\ETILQS_QACZFJ2HMVCGVDMPNSUH

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

And here's the checkup.txt file:

Results of screen317's Security Check version 0.98.9

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

AVG Free 8.5

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Spyware Doctor 6.1

Spybot - Search & Destroy

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 4

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9.1.3

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Link to post
Share on other sites

And for what's wrong... I installed Malwarebytes again and it's running, which is good, but I still have several folders with installations of Malwarebyes and other anti-spyware programs that I can't run and can't delete (access denied, make sure drive isn't full or write protected). I don't know if they're causing active harm, but I would like to get rid of them since they're non-functional. Any suggestions?

Link to post
Share on other sites

  • Staff
but I still have several folders with installations of Malwarebyes and other anti-spyware programs that I can't run and can't delete (access denied, make sure drive isn't full or write protected). I don't know if they're causing active harm, but I would like to get rid of them since they're non-functional. Any suggestions?
The infection set permissions to make it so they can't run.

You can either reset the permissions manually (I can show you how), or you can remove/uninstall all relevant software and reinstall it. Second method would be easier but it's up to you.

Let me know how it goes.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.