Solved: Hijack This Log. Please Help

adrianq1029
Member with 65 posts.
Join Date: Jul 2004
Experience: Intermediate
14-Oct-2009, 11:01 PM #16
also, what do you think of bitdefender? it seems like it's the top software for virus protection, but i've never heard of it.
muppy03
Senior Member with 1,310 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
15-Oct-2009, 03:34 AM #17
i don't mind if it takes more than one post
adrianq1029
Member with 65 posts.
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 08:36 AM #18
oh ok. gotcha. will get it on as soon as i get home from work. thanks. and i appreciate all your help.
adrianq1029
Member with 65 posts.
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:28 PM #19
HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:57 PM, on 10/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
adrianq1029
Member with 65 posts.
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:29 PM #20
HJT Cont...

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/active...side_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8447 bytes
adrianq1029
Member with 65 posts.
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:31 PM #21
ComboFix Log:

ComboFix 09-10-14.06 - Owner 10/14/2009 21:28.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.124 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-12 04:15 . 2009-10-12 04:15 -------- d-----w- c:\documents and settings\Administrator.HOME\Local Settings\Application Data\Opera
2009-10-12 02:39 . 2009-10-12 02:39 -------- d-----w- c:\documents and settings\Administrator.HOME\Application Data\Lavasoft
2009-10-11 19:07 . 2009-10-13 23:28 -------- d-----w- c:\program files\iPod
2009-10-10 16:27 . 2009-10-10 16:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 00:03 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 00:03 . 2009-10-11 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 00:03 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 21:39 . 2009-10-08 21:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-06 04:40 . 2009-10-06 04:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 04:14 . 2009-10-06 04:14 -------- d-----w- c:\documents and settings\Administrator.HOME\PrivacIE
2009-10-04 16:39 . 2009-10-04 16:39 -------- d-----w- c:\program files\Trend Micro
2009-09-26 01:07 . 2009-10-11 19:07 -------- d-----w- c:\program files\iPod(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 02:39 . 2008-10-14 04:42 -------- d-----w- c:\program files\Common Files\Akamai
2009-10-14 23:00 . 2009-01-07 03:56 -------- d-----w- c:\program files\Norton Security Scan
2009-10-14 22:38 . 2004-01-21 09:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-14 10:53 . 2008-10-28 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 03:41 . 2004-05-15 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-13 03:41 . 2004-05-15 01:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-12 22:37 . 2004-01-21 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-11 19:07 . 2008-01-11 22:02 -------- d-----w- c:\program files\iTunes
2009-10-11 19:07 . 2008-10-10 00:34 -------- d-----w- c:\program files\Common Files\Apple
2009-10-11 19:05 . 2004-11-28 03:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-11 18:24 . 2008-01-11 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-05 02:47 . 2008-07-10 23:52 -------- d-----w- c:\program files\Norton 360
2009-10-03 09:39 . 2008-08-05 22:08 64000 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-10-02 04:36 . 2008-08-03 14:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-28 00:10 . 2009-08-29 09:06 314944 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-19 20:27 . 2005-08-19 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-15 22:22 . 2008-06-09 22:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 13:01 . 2009-09-12 13:01 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 12:59 . 2009-09-12 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 12:54 . 2009-09-12 12:52 -------- d-----w- c:\program files\QuickTime
2009-09-11 14:33 . 2004-02-16 19:14 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 00:14 . 2008-08-04 00:54 -------- d-----w- c:\program files\Ares
2009-09-08 02:34 . 2007-03-10 22:38 -------- d-----w- c:\program files\Opera
2009-09-07 18:14 . 2009-08-19 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-07 18:14 . 2009-09-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-07 18:00 . 2009-09-07 17:50 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-05 23:52 . 2009-08-03 01:56 -------- d-----w- c:\program files\Opera 10 Beta
2009-09-05 23:44 . 2009-09-05 23:44 81144 ----a-w- c:\documents and settings\Administrator.HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-02-16 19:14 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-03-21 08:55 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-03-21 08:55 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:44 . 2009-08-27 05:44 -------- d-----w- c:\program files\WBFS
2009-08-27 03:09 . 2009-08-27 03:09 -------- d-----w- c:\program files\Western Digital Corporation
2009-08-27 02:54 . 2009-08-27 02:54 -------- d-----w- c:\program files\Western Digital Corp
2009-08-26 08:16 . 2004-02-16 18:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 14:32 . 2004-04-14 17:10 81144 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 04:55 . 2008-11-19 01:13 -------- d-----w- c:\program files\MSBuild
2009-08-22 04:55 . 2009-08-22 04:55 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 02:56 . 2009-08-21 02:56 -------- d-----w- c:\program files\Atomic Alarm Clock
2009-08-20 22:04 . 2007-02-28 03:53 -------- d-----w- c:\program files\Desktop Tray Clock
2009-08-20 10:36 . 2009-08-20 10:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-20 10:36 . 2009-08-20 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 23:37 . 2009-08-19 23:37 -------- d-----w- c:\program files\AVG
2009-08-19 23:31 . 2009-08-19 23:31 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-19 22:56 . 2009-07-23 05:25 -------- d-----w- c:\program files\FlashGet
2009-08-19 03:59 . 2009-08-17 03:11 -------- d-----w- c:\program files\PCDJ DEX
2009-08-19 03:55 . 2009-08-19 03:55 -------- d-----w- c:\documents and settings\Administrator.HOME\Application Data\Motive
2009-08-19 03:19 . 2009-08-19 03:17 -------- d-----w- c:\program files\VirtualDJ
2009-08-17 04:00 . 2009-08-17 03:41 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-08-05 09:11 . 2002-12-12 15:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-01-21 00:04 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2002-08-29 08:04 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2004-02-16 19:13 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-02-16 18:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-02-16 19:13 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2004-02-16 18:46 1435648 ----a-w- c:\windows\system32\query.dll
2009-04-01 03:47 . 2008-07-10 23:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-07-12 10:37 . 2009-07-12 10:37 1050147 --sha-w- c:\windows\system32\bekohofo.exe
2009-07-12 22:37 . 2009-07-12 22:37 50688 --sha-w- c:\windows\system32\duhaluno.dll
2009-07-12 22:37 . 2009-07-12 22:37 50688 --sha-w- c:\windows\system32\kotimiso.dll
2009-07-12 22:37 . 2009-07-12 22:37 38400 --sha-w- c:\windows\system32\pozayomu.dll
2009-07-12 10:37 . 2009-07-12 10:37 38400 --sha-w- c:\windows\system32\yesodeme.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_10.26.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 04:47 . 2009-10-13 04:47 16384 c:\windows\temp\Perflib_Perfdata_744.dat
+ 2009-10-14 22:39 . 2009-10-14 22:39 16384 c:\windows\temp\Perflib_Perfdata_4a4.dat
+ 2004-02-16 18:48 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2004-02-16 18:46 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
- 2004-01-21 00:04 . 2009-08-22 14:34 76512 c:\windows\system32\perfc009.dat
+ 2004-01-21 00:04 . 2009-10-14 11:04 76512 c:\windows\system32\perfc009.dat
- 2006-08-23 05:31 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-08-23 05:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-02-16 19:13 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
- 2004-02-16 19:13 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-01-21 00:04 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2009-08-20 03:55 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-20 03:55 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 20:08 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2009-08-20 03:55 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-20 03:55 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-01-21 00:04 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-02-16 19:13 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-02-16 19:13 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-11-19 01:16 . 2009-10-14 10:53 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-14 10:58 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-14 11:08 . 2009-10-14 11:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-14 11:07 . 2009-10-14 11:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-14 11:12 . 2009-10-14 11:12 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-22 05:05 . 2009-08-22 05:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-01-21 01:49 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-02-16 18:46 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
- 2004-01-21 00:04 . 2009-08-22 14:34 454432 c:\windows\system32\perfh009.dat
+ 2004-01-21 00:04 . 2009-10-14 11:04 454432 c:\windows\system32\perfh009.dat
- 2004-02-16 18:46 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-02-16 18:46 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
- 2006-08-23 05:31 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2006-08-23 05:31 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2004-02-16 19:14 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2004-02-16 19:13 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
- 2004-02-16 19:13 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-02-16 19:13 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-02-16 19:13 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2004-02-16 19:13 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2004-02-16 19:13 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-01-21 01:49 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-03-08 09:34 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-02-16 18:47 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-02-16 18:47 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-12-05 07:12 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-03-08 09:34 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:34 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:44 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-08-20 03:55 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-20 03:55 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-20 04:06 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
- 2009-08-20 03:55 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-08-20 03:55 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 09:31 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 09:31 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-02-16 19:13 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 09:32 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-09-12 13:00 . 2009-09-12 13:00 102400 c:\windows\Installer\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}\iTunesIco.exe
+ 2009-09-12 13:00 . 2009-10-13 23:28 102400 c:\windows\Installer\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}\iTunesIco.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-14 10:58 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-14 10:59 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-14 10:59 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-14 10:58 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-14 10:58 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-14 11:13 . 2009-10-14 11:13 321536 c:\windows\assembly
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:35 PM #22
\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-14 11:10 . 2009-10-14 11:10 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-14 11:13 . 2009-10-14 11:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-14 11:09 . 2009-10-14 11:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-14 11:08 . 2009-10-14 11:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-14 11:08 . 2009-10-14 11:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-14 11:08 . 2009-10-14 11:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-14 11:13 . 2009-10-14 11:13 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-14 11:12 . 2009-10-14 11:12 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-14 02:08 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-01-21 21:20 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
- 2004-01-21 21:20 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-01-21 21:19 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
+ 2006-08-23 05:09 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
- 2006-08-23 05:09 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
- 2009-03-08 09:34 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 09:34 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-02-16 18:46 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2004-02-16 18:46 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-08-20 04:06 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-20 04:06 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-08-20 04:06 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-20 04:06 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-08-20 04:06 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-08-20 04:06 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-20 04:06 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-08 09:41 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-20 03:55 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-08-20 03:55 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-09-18 14:30 . 2009-09-18 14:30 5016576 c:\windows\Installer\52f1954.msp
- 2008-11-19 01:16 . 2009-09-13 10:00 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-19 01:16 . 2009-10-14 10:53 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-19 01:16 . 2009-09-13 10:00 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-14 10:58 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-10-14 10:58 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-10-14 10:58 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2005-03-02 00:59 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-14 11:07 . 2009-10-14 11:07 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-14 11:06 . 2009-10-14 11:06 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-14 11:09 . 2009-10-14 11:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-14 11:09 . 2009-10-14 11:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-14 11:09 . 2009-10-14 11:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-14 11:09 . 2009-10-14 11:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-14 11:07 . 2009-10-14 11:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-14 11:14 . 2009-10-14 11:14 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-14 11:13 . 2009-10-14 11:13 1888768
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:43 PM #23
c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-22 05:05 . 2009-08-22 05:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 11:03 . 2009-10-14 11:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-22 05:06 . 2009-08-22 05:06 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 11:04 . 2009-10-14 11:04 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 10:54 . 2009-10-02 16:01 25198016 c:\windows\system32\MRT.exe
+ 2006-08-23 05:31 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2009-07-19 23:48 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\52f1977.msp
+ 2008-08-11 16:49 . 2008-08-11 16:49 22457344 c:\windows\Installer\52f196c.msp
+ 2006-10-27 20:26 . 2006-10-27 20:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2009-10-14 10:58 . 2009-07-19 23:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-14 11:15 . 2009-10-14 11:15 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-14 11:12 . 2009-10-14 11:12 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-14 11:08 . 2009-10-14 11:08 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-14 11:07 . 2009-10-14 11:07 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-14 11:06 . 2009-10-14 11:06 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2009-04-27 1742848]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

c:\documents and settings\Administrator.HOME\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 01:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Gmote Server.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Gmote Server.lnk
backup=c:\windows\pss\Gmote Server.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STOPzilla Local Service"=2 (0x2)
"avg8wd"=2 (0x2)
"StyleXPService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:*Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*Disabled:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:*Disabled:Akamai NetSession Interface
"2755:TCP"= 2755:TCP:*Disabled:Akamai NetSession Interface
"2860:TCP"= 2860:TCP:*Disabled:Akamai NetSession Interface
"2892:TCP"= 2892:TCP:*Disabled:Akamai NetSession Interface
"2928:TCP"= 2928:TCP:*Disabled:Akamai NetSession Interface
"1576:TCP"= 1576:TCP:*Disabled:Akamai NetSession Interface
"1634:TCP"= 1634:TCP:*Disabled:Akamai NetSession Interface
"1649:TCP"= 1649:TCP:*Disabled:Akamai NetSession Interface
"1774:TCP"= 1774:TCP:*Disabled:Akamai NetSession Interface
"3327:TCP"= 3327:TCP:*Disabled:Akamai NetSession Interface
"3397:TCP"= 3397:TCP:*Disabled:Akamai NetSession Interface
"1218:TCP"= 1218:TCP:*Disabled:Akamai NetSession Interface
"4705:TCP"= 4705:TCP:*Disabled:Akamai NetSession Interface
"4945:TCP"= 4945:TCP:*Disabled:Akamai NetSession Interface
"3657:TCP"= 3657:TCP:*Disabled:Akamai NetSession Interface
"3696:TCP"= 3696:TCP:*Disabled:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:*Disabled:Akamai NetSession Interface
"3451:TCP"= 3451:TCP:*Disabled:Akamai NetSession Interface
"2332:TCP"= 2332:TCP:*Disabled:Akamai NetSession Interface
"4668:TCP"= 4668:TCP:*Disabled:Akamai NetSession Interface
"4716:TCP"= 4716:TCP:*Disabled:Akamai NetSession Interface
"1208:TCP"= 1208:TCP:*Disabled:Akamai NetSession Interface
"2531:TCP"= 2531:TCP:*Disabled:Akamai NetSession Interface
"2593:TCP"= 2593:TCP:*Disabled:Akamai NetSession Interface
"4549:TCP"= 4549:TCP:*Disabled:Akamai NetSession Interface
"4036:TCP"= 4036:TCP:*Disabled:Akamai NetSession Interface
"4512:TCP"= 4512:TCP:*Disabled:Akamai NetSession Interface
"3993:TCP"= 3993:TCP:*Disabled:Akamai NetSession Interface
"4012:TCP"= 4012:TCP:*Disabled:Akamai NetSession Interface
"4125:TCP"= 4125:TCP:*Disabled:Akamai NetSession Interface
"2441:TCP"= 2441:TCP:*Disabled:Akamai NetSession Interface
"1180:TCP"= 1180:TCP:*Disabled:Akamai NetSession Interface
"3717:TCP"= 3717:TCP:*Disabled:Akamai NetSession Interface
"1721:TCP"= 1721:TCP:*Disabled:Akamai NetSession Interface
"3260:TCP"= 3260:TCP:*Disabled:Akamai NetSession Interface
"4435:TCP"= 4435:TCP:*Disabled:Akamai NetSession Interface
"4759:TCP"= 4759:TCP:*Disabled:Akamai NetSession Interface
"1252:TCP"= 1252:TCP:*Disabled:Akamai NetSession Interface
"2274:TCP"= 2274:TCP:*Disabled:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:*Disabled:Akamai NetSession Interface
"2616:TCP"= 2616:TCP:*Disabled:Akamai NetSession Interface
"2829:TCP"= 2829:TCP:*Disabled:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:*Disabled:Akamai NetSession Interface
"3553:TCP"= 3553:TCP:*Disabled:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:*Disabled:Akamai NetSession Interface
"4767:TCP"= 4767:TCP:*Disabled:Akamai NetSession Interface
"4782:TCP"= 4782:TCP:*Disabled:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:*Disabled:Akamai NetSession Interface
"1348:TCP"= 1348:TCP:*Disabled:Akamai NetSession Interface
"3309:TCP"= 3309:TCP:*Disabled:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:*Disabled:Akamai NetSession Interface
"3648:TCP"= 3648:TCP:*Disabled:Akamai NetSession Interface
"4634:TCP"= 4634:TCP:*Disabled:Akamai NetSession Interface

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [1/7/2006 1:58 AM 25248]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2/16/2004 1:47 PM 14336]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/7/2006 1:58 AM 163856]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2/15/2009 12:51 AM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2/15/2009 12:51 AM 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2/15/2009 12:51 AM 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2/15/2009 12:51 AM 297792]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [6/2/2008 12:02 PM 47488]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [8/31/2007 9:00 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [8/31/2007 9:15 PM 475264]
S4 Nuliecnt;Nuliecnt; [x]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" --> c:\program files\STOPzilla!\szntsvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-10-14 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?q=&ctid=CT1641676&SearchSource=2
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrec ordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 21:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(6056)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-15 21:52
ComboFix-quarantined-files.txt 2009-10-15 02:50
ComboFix2.txt 2009-10-13 05:02
ComboFix3.txt 2009-10-13 03:26
ComboFix4.txt 2009-10-12 10:36

Pre-Run: 43,055,017,984 bytes free
Post-Run: 43,044,163,584 bytes free

678 --- E O F --- 2009-10-14 11:06\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377 bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-14 11:10 . 2009-10-14 11:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-14 11:08 . 2009-10-14 11:08 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-14 11:07 . 2009-10-14 11:07 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-14 11:06 . 2009-10-14 11:06 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2009-04-27 1742848]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

c:\documents and settings\Administrator.HOME\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 01:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:44 PM #24
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Gmote Server.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Gmote Server.lnk
backup=c:\windows\pss\Gmote Server.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STOPzilla Local Service"=2 (0x2)
"avg8wd"=2 (0x2)
"StyleXPService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:*Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*Disabled:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:*Disabled:Akamai NetSession Interface
"2755:TCP"= 2755:TCP:*Disabled:Akamai NetSession Interface
"2860:TCP"= 2860:TCP:*Disabled:Akamai NetSession Interface
"2892:TCP"= 2892:TCP:*Disabled:Akamai NetSession Interface
"2928:TCP"= 2928:TCP:*Disabled:Akamai NetSession Interface
"1576:TCP"= 1576:TCP:*Disabled:Akamai NetSession Interface
"1634:TCP"= 1634:TCP:*Disabled:Akamai NetSession Interface
"1649:TCP"= 1649:TCP:*Disabled:Akamai NetSession Interface
"1774:TCP"= 1774:TCP:*Disabled:Akamai NetSession Interface
"3327:TCP"= 3327:TCP:*Disabled:Akamai NetSession Interface
"3397:TCP"= 3397:TCP:*Disabled:Akamai NetSession Interface
"1218:TCP"= 1218:TCP:*Disabled:Akamai NetSession Interface
"4705:TCP"= 4705:TCP:*Disabled:Akamai NetSession Interface
"4945:TCP"= 4945:TCP:*Disabled:Akamai NetSession Interface
"3657:TCP"= 3657:TCP:*Disabled:Akamai NetSession Interface
"3696:TCP"= 3696:TCP:*Disabled:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:*Disabled:Akamai NetSession Interface
"3451:TCP"= 3451:TCP:*Disabled:Akamai NetSession Interface
"2332:TCP"= 2332:TCP:*Disabled:Akamai NetSession Interface
"4668:TCP"= 4668:TCP:*Disabled:Akamai NetSession Interface
"4716:TCP"= 4716:TCP:*Disabled:Akamai NetSession Interface
"1208:TCP"= 1208:TCP:*Disabled:Akamai NetSession Interface
"2531:TCP"= 2531:TCP:*Disabled:Akamai NetSession Interface
"2593:TCP"= 2593:TCP:*Disabled:Akamai NetSession Interface
"4549:TCP"= 4549:TCP:*Disabled:Akamai NetSession Interface
"4036:TCP"= 4036:TCP:*Disabled:Akamai NetSession Interface
"4512:TCP"= 4512:TCP:*Disabled:Akamai NetSession Interface
"3993:TCP"= 3993:TCP:*Disabled:Akamai NetSession Interface
"4012:TCP"= 4012:TCP:*Disabled:Akamai NetSession Interface
"4125:TCP"= 4125:TCP:*Disabled:Akamai NetSession Interface
"2441:TCP"= 2441:TCP:*Disabled:Akamai NetSession Interface
"1180:TCP"= 1180:TCP:*Disabled:Akamai NetSession Interface
"3717:TCP"= 3717:TCP:*Disabled:Akamai NetSession Interface
"1721:TCP"= 1721:TCP:*Disabled:Akamai NetSession Interface
"3260:TCP"= 3260:TCP:*Disabled:Akamai NetSession Interface
"4435:TCP"= 4435:TCP:*Disabled:Akamai NetSession Interface
"4759:TCP"= 4759:TCP:*Disabled:Akamai NetSession Interface
"1252:TCP"= 1252:TCP:*Disabled:Akamai NetSession Interface
"2274:TCP"= 2274:TCP:*Disabled:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:*Disabled:Akamai NetSession Interface
"2616:TCP"= 2616:TCP:*Disabled:Akamai NetSession Interface
"2829:TCP"= 2829:TCP:*Disabled:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:*Disabled:Akamai NetSession Interface
"3553:TCP"= 3553:TCP:*Disabled:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:*Disabled:Akamai NetSession Interface
"4767:TCP"= 4767:TCP:*Disabled:Akamai NetSession Interface
"4782:TCP"= 4782:TCP:*Disabled:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:*Disabled:Akamai NetSession Interface
"1348:TCP"= 1348:TCP:*Disabled:Akamai NetSession Interface
"3309:TCP"= 3309:TCP:*Disabled:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:*Disabled:Akamai NetSession Interface
"3648:TCP"= 3648:TCP:*Disabled:Akamai NetSession Interface
"4634:TCP"= 4634:TCP:*Disabled:Akamai NetSession Interface

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [1/7/2006 1:58 AM 25248]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2/16/2004 1:47 PM 14336]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/7/2006 1:58 AM 163856]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2/15/2009 12:51 AM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2/15/2009 12:51 AM 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2/15/2009 12:51 AM 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2/15/2009 12:51 AM 297792]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [6/2/2008 12:02 PM 47488]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [8/31/2007 9:00 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [8/31/2007 9:15 PM 475264]
S4 Nuliecnt;Nuliecnt; [x]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" --> c:\program files\STOPzilla!\szntsvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-10-14 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?q=&ctid=CT1641676&SearchSource=2
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 21:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(6056)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-15 21:52
ComboFix-quarantined-files.txt 2009-10-15 02:50
ComboFix2.txt 2009-10-13 05:02
ComboFix3.txt 2009-10-13 03:26
ComboFix4.txt 2009-10-12 10:36

Pre-Run: 43,055,017,984 bytes free
Post-Run: 43,044,163,584 bytes free

678 --- E O F --- 2009-10-14 11:06
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
15-Oct-2009, 06:44 PM #25
I hope this is the way you wanted it.
muppy03's Avatar
Senior Member with 1,310 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
16-Oct-2009, 12:14 AM #26
Looks like you did not drag the script into ComboFix as described in my last post. Can you please redo it?

Thank you
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
16-Oct-2009, 10:46 AM #27
Oops. I will post new ComboFix ASAP. Sorry.
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
16-Oct-2009, 07:40 PM #28
Hope I did this right:

ComboFix 09-10-16.03 - Owner 10/16/2009 17:35.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.139 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::
"c:\windows\system32\drivers\PavProc.sys"
"c:\windows\system32\duhaluno.dll"
"c:\windows\system32\hitodute.dll"
"c:\windows\system32\kotimiso.dll"
"c:\windows\system32\pozayomu.dll"
"c:\windows\system32\yesodeme.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bekohofo.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-16 00:36 . 2009-10-16 03:29 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-15 23:55 . 2009-10-16 03:38 -------- d-----w- c:\program files\BitDefender
2009-10-15 23:50 . 2009-10-16 03:38 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-12 04:15 . 2009-10-12 04:15 -------- d-----w- c:\documents and settings\Administrator.HOME\Local Settings\Application Data\Opera
2009-10-12 02:39 . 2009-10-12 02:39 -------- d-----w- c:\documents and settings\Administrator.HOME\Application Data\Lavasoft
2009-10-11 19:07 . 2009-10-13 23:28 -------- d-----w- c:\program files\iPod
2009-10-10 16:27 . 2009-10-10 16:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 00:03 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 00:03 . 2009-10-11 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 00:03 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 21:39 . 2009-10-08 21:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-06 04:40 . 2009-10-06 04:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 04:14 . 2009-10-06 04:14 -------- d-----w- c:\documents and settings\Administrator.HOME\PrivacIE
2009-10-04 16:39 . 2009-10-04 16:39 -------- d-----w- c:\program files\Trend Micro
2009-09-26 01:07 . 2009-10-11 19:07 -------- d-----w- c:\program files\iPod(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 22:50 . 2008-10-14 04:42 -------- d-----w- c:\program files\Common Files\Akamai
2009-10-16 10:47 . 2004-01-21 09:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-14 23:00 . 2009-01-07 03:56 -------- d-----w- c:\program files\Norton Security Scan
2009-10-14 10:53 . 2008-10-28 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 03:41 . 2004-05-15 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-13 03:41 . 2004-05-15 01:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-12 22:37 . 2004-01-21 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-11 19:07 . 2008-01-11 22:02 -------- d-----w- c:\program files\iTunes
2009-10-11 19:07 . 2008-10-10 00:34 -------- d-----w- c:\program files\Common Files\Apple
2009-10-11 19:05 . 2004-11-28 03:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-11 18:24 . 2008-01-11 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-05 02:47 . 2008-07-10 23:52 -------- d-----w- c:\program files\Norton 360
2009-10-03 09:39 . 2008-08-05 22:08 64000 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-10-02 04:36 . 2008-08-03 14:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-28 00:10 . 2009-08-29 09:06 314944 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-19 20:27 . 2005-08-19 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-15 22:22 . 2008-06-09 22:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 13:01 . 2009-09-12 13:01 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 12:59 . 2009-09-12 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 12:54 . 2009-09-12 12:52 -------- d-----w- c:\program files\QuickTime
2009-09-11 14:33 . 2004-02-16 19:14 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 00:14 . 2008-08-04 00:54 -------- d-----w- c:\program files\Ares
2009-09-08 02:34 . 2007-03-10 22:38 -------- d-----w- c:\program files\Opera
2009-09-07 18:14 . 2009-08-19 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-07 18:14 . 2009-09-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-07 18:00 . 2009-09-07 17:50 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-05 23:52 . 2009-08-03 01:56 -------- d-----w- c:\program files\Opera 10 Beta
2009-09-05 23:44 . 2009-09-05 23:44 81144 ----a-w- c:\documents and settings\Administrator.HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-02-16 19:14 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-02-06 23:05 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-03-21 08:55 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-03-21 08:55 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:44 . 2009-08-27 05:44 -------- d-----w- c:\program files\WBFS
2009-08-27 03:09 . 2009-08-27 03:09 -------- d-----w- c:\program files\Western Digital Corporation
2009-08-27 02:56 . 2009-08-27 02:56 1078 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_A337FA7F14B1AA85BFA8A6.exe
2009-08-27 02:56 . 2009-08-27 02:56 1078 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_7CFBC8C69E44C18F04FF2E.exe
2009-08-27 02:56 . 2009-08-27 02:56 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_3B0267A284AF1E1AD9D67E.exe
2009-08-27 02:54 . 2009-08-27 02:54 -------- d-----w- c:\program files\Western Digital Corp
2009-08-26 08:16 . 2004-02-16 18:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 14:32 . 2004-04-14 17:10 81144 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 04:55 . 2008-11-19 01:13 -------- d-----w- c:\program files\MSBuild
2009-08-22 04:55 . 2009-08-22 04:55 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 02:56 . 2009-08-21 02:56 -------- d-----w- c:\program files\Atomic Alarm Clock
2009-08-20 22:04 . 2007-02-28 03:53 -------- d-----w- c:\program files\Desktop Tray Clock
2009-08-20 10:36 . 2009-08-20 10:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-20 10:36 . 2009-08-20 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 23:37 . 2009-08-19 23:37 -------- d-----w- c:\program files\AVG
2009-08-19 23:31 . 2009-08-19 23:31 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-19 22:56 . 2009-07-23 05:25 -------- d-----w- c:\program files\FlashGet
2009-08-19 03:59 . 2009-08-17 03:11 -------- d-----w- c:\program files\PCDJ DEX
2009-08-19 03:55 . 2009-08-19 03:55 -------- d-----w- c:\documents and settings\Administrator.HOME\Application Data\Motive
2009-08-19 03:19 . 2009-08-19 03:17 -------- d-----w- c:\program files\VirtualDJ
2009-08-05 09:11 . 2002-12-12 15:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-01-21 00:04 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2002-08-29 08:04 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2004-02-16 19:13 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-02-16 18:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-04-01 03:47 . 2008-07-10 23:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 23:08 . 2009-10-16 00:05 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-15_02.45.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-13 04:47 . 2009-10-13 04:47 16384 c:\windows\temp\Perflib_Perfdata_744.dat
+ 2009-10-16 10:47 . 2009-10-16 10:47 16384 c:\windows\temp\Perflib_Perfdata_744.dat
+ 2009-10-16 10:47 . 2009-10-16 10:47 16384 c:\windows\temp\Perflib_Perfdata_530.dat
+ 2003-02-21 10:16 . 2003-02-21 10:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2004-01-21 00:04 . 2009-10-16 22:20 80202 c:\windows\system32\perfc009.dat
- 2002-01-05 19:38 . 2002-01-05 19:38 54784 c:\windows\system32\msvci70.dll
+ 2002-01-05 08:38 . 2002-01-05 08:38 54784 c:\windows\system32\msvci70.dll
+ 2004-07-15 07:11 . 2004-07-15 07:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-06-22 18:51 . 2004-06-22 18:51 53248 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions. dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thun k.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.d ll
+ 2003-02-21 12:25 . 2003-02-21 12:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 05:34 . 2004-07-15 05:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 23:43 . 2003-02-20 23:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-21 00:18 . 2003-02-21 00:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-21 00:06 . 2003-02-21 00:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 12:25 . 2003-02-21 12:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProces sor.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 00:22 . 2003-02-21 00:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2004-07-15 19:31 . 2004-07-15 19:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 19:30 . 2003-10-08 19:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 09:12 . 2003-02-21 09:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 05:32 . 2004-07-15 05:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 10:00 . 2003-02-21 10:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 08:55 . 2003-02-21 08:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 07:59 . 2003-02-21 07:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 16896 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0 __b03f5f7f11d50a3a_b622fae4\VJSWfcBrowserStubLib.dll
+ 2009-10-16 22:23 . 2009-10-16 22:23 10240 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0 __b03f5f7f11d50a3a_b583c289\VJSWfcBrowserStubLib.dll
+ 2009-10-16 22:23 . 2009-10-16 22:23 32768 c:\windows\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11 d50a3a_67827c3d\vjslibcw.dll
+ 2009-10-16 22:22 . 2009-10-16 22:22 69632 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0_ _b03f5f7f11d50a3a_37d86592\VJSharpCodeProvider.dll
+ 2009-10-16 22:23 . 2009-10-16 22:23 20480 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d5 0a3a_dc3a7e19\vjscor.dll
+ 2009-10-16 22:25 . 2009-10-16 22:25 18432 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d5 0a3a_952b519c\vjscor.dll
+ 2009-10-16 22:21 . 2009-10-16 22:21 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000. 0__b03f5f7f11d50a3a_f8916419\System.Drawing.Design.dll
+ 2009-10-16 22:21 . 2009-10-16 22:21 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b0 3f5f7f11d50a3a_2f2ead40\CustomMarshalers.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f1 1d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System .Security.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50 a3a\System.EnterpriseServices.Thunk.dll
+ 2009-10-15 23:53 . 2009-10-15 23:53 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\ System.Drawing.Design.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a 3a\System.DirectoryServices.dll
+ 2009-10-15 23:53 . 2009-10-15 23:53 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11 d50a3a\System.Configuration.Install.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsof t.Vsa.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5 f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50 a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrappe r.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\Custo mMarshalers.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dl l
+ 2003-02-20 23:43 . 2003-02-20 23:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Micros oft_VsaVb.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Micr osoft.VisualC.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRem ote.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessib ility.dll
+ 2004-01-21 00:04 . 2009-10-16 22:20 462760 c:\windows\system32\perfh009.dat
- 2008-06-03 05:36 . 2009-06-29 10:53 348160 c:\windows\system32\msvcr71.dll
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 c:\windows\system32\msvcr71.dll
+ 2002-01-05 07:37 . 2002-01-05 07:37 344064 c:\windows\system32\msvcr70.dll
- 2002-01-05 18:37 . 2002-01-05 18:37 344064 c:\windows\system32\msvcr70.dll
+ 2003-03-19 01:14 . 2003-03-19 01:14 499712 c:\windows\system32\msvcp71.dll
- 2008-06-03 05:36 . 2009-06-29 10:53 499712 c:\windows\system32\msvcp71.dll
+ 2002-01-05 08:40 . 2002-01-05 08:40 487424 c:\windows\system32\msvcp70.dll
- 2002-01-05 18:40 . 2002-01-05 18:40 487424 c:\windows\system32\msvcp70.dll
+ 2002-01-05 08:36 . 2002-01-05 08:36 964608 c:\windows\system32\mfc70u.dll
- 2002-01-05 19:36 . 2002-01-05 19:36 964608 c:\windows\system32\mfc70u.dll
+ 2002-01-05 08:48 . 2002-01-05 08:48 974848 c:\windows\system32\mfc70.dll
- 2002-01-05 19:48 . 2002-01-05 19:48 974848 c:\windows\system32\mfc70.dll
+ 2004-03-31 18:28 . 2004-03-31 18:28 131072 c:\windows\system32\mapi32.dll
- 2007-04-11 19:11 . 2007-04-11 19:11 511328 c:\windows\system32\capicom.dll
+ 2007-04-11 16:11 . 2007-04-11 16:11 511328 c:\windows\system32\capicom.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 19:31 . 2004-07-15 19:31 573440 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.F ormatters.Soap.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 241664
adrianq1029's Avatar
Member with 65 posts.
 
Join Date: Jul 2004
Experience: Intermediate
16-Oct-2009, 07:42 PM #29
c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 372736 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 303104 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2004-08-10 21:20 . 2004-08-10 21:20 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-15 05:25 . 2004-07-15 05:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 720896 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 05:24 . 2004-07-15 05:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 00:16 . 2003-02-21 00:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 15:21 . 2003-02-21 15:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 16:11 . 2002-07-29 16:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2004-07-15 06:49 . 2004-07-15 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 10:04 . 2003-02-21 10:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 08:02 . 2003-02-21 08:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 155648 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0_ _b03f5f7f11d50a3a_7d65f3fa\VJSharpCodeProvider.dll
+ 2009-10-16 22:22 . 2009-10-16 22:22 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f 5f7f11d50a3a_1fb499de\System.Drawing.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000. 0__b03f5f7f11d50a3a_1a142122\System.Drawing.Design.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b0 3f5f7f11d50a3a_b88f7ad3\CustomMarshalers.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 573440 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\Sy stem.Web.Services.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\Syst em.Web.Mobile.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\ System.ServiceProcess.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.50 00.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e08 9\System.Runtime.Remoting.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\Syste m.Messaging.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 372736 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\Syst em.Management.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50 a3a\System.EnterpriseServices.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System. Drawing.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 303104 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e0 89\System.Data.OracleClient.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\ Microsoft.VisualBasic.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 720896 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Micr osoft.JScript.dll
- 2003-03-19 12:12 . 2006-08-29 21:11 1047552 c:\windows\system32\MFC71u.dll
+ 2003-03-19 02:12 . 2003-03-19 02:12 1047552 c:\windows\system32\mfc71u.dll
- 2003-03-19 12:20 . 2003-03-19 18:19 1060864 c:\windows\system32\MFC71.DLL
+ 2003-03-19 02:20 . 2003-03-19 02:20 1060864 c:\windows\system32\mfc71.dll
+ 2004-07-15 13:15 . 2004-07-15 13:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 2052096 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 05:28 . 2004-07-15 05:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-15 05:26 . 2004-07-15 05:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2009-10-15 23:53 . 2009-10-15 23:53 3449344 c:\windows\Installer\246c7f.msi
+ 2009-10-16 22:23 . 2009-10-16 22:23 4460544 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d5 0a3a_74812f89\vjslib.dll
+ 2009-10-16 22:21 . 2009-10-16 22:21 1953792 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934 e089_dad918fc\System.dll
+ 2009-10-16 22:23 . 2009-10-16 22:23 4763648 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934 e089_6fb4f161\System.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 5505024 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c56 1934e089_d3233fa6\System.Xml.dll
+ 2009-10-16 22:22 . 2009-10-16 22:22 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c56 1934e089_31e12a38\System.Xml.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 7880704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0 __b77a5c561934e089_ef42400b\System.Windows.Forms.dll
+ 2009-10-16 22:22 . 2009-10-16 22:22 3014656 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0 __b77a5c561934e089_7013f721\System.Windows.Forms.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f 5f7f11d50a3a_9406dcc5\System.Drawing.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5 f7f11d50a3a_db0c0a67\System.Design.dll
+ 2009-10-16 22:22 . 2009-10-16 22:22 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5 f7f11d50a3a_b93892d8\System.Design.dll
+ 2009-10-16 22:22 . 2009-10-16 22:22 3379200 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c5619 34e089_e7763660\mscorlib.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24 8880128 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c5619 34e089_48352167\mscorlib.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 1224704 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 1339392 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML. dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 2052096 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\S ystem.Windows.Forms.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 1257472 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web. dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 1703936 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.D esign.dll
+ 2009-10-16 22:20 . 2009-10-16 22:20 1294336 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Dat a.dll
+ 2009-10-15 23:52 . 2009-10-15 23:52 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-10-16 22:18 . 2009-10-16 22:18 19210240 c:\windows\Installer\279de8a.msp
+ 2009-10-16 22:25 . 2009-10-16 22:25 12156928 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_7f1ca069\vjslib.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2009-04-27 1742848]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

c:\documents and settings\Administrator.HOME\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 01:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Gmote Server.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Gmote Server.lnk
backup=c:\windows\pss\Gmote Server.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STOPzilla Local Service"=2 (0x2)
"avg8wd"=2 (0x2)
"StyleXPService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:*Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*Disabled:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:*Disabled:Akamai NetSession Interface
"2755:TCP"= 2755:TCP:*Disabled:Akamai NetSession Interface
"2860:TCP"= 2860:TCP:*Disabled:Akamai NetSession Interface
"2892:TCP"= 2892:TCP:*Disabled:Akamai NetSession Interface
"2928:TCP"= 2928:TCP:*Disabled:Akamai NetSession Interface
"1576:TCP"= 1576:TCP:*Disabled:Akamai NetSession Interface
"1634:TCP"= 1634:TCP:*Disabled:Akamai NetSession Interface
"1649:TCP"= 1649:TCP:*Disabled:Akamai NetSession Interface
"1774:TCP"= 1774:TCP:*Disabled:Akamai NetSession Interface
"3327:TCP"= 3327:TCP:*Disabled:Akamai NetSession Interface
"3397:TCP"= 3397:TCP:*Disabled:Akamai NetSession Interface
"1218:TCP"= 1218:TCP:*Disabled:Akamai NetSession Interface
"4705:TCP"= 4705:TCP:*Disabled:Akamai NetSession Interface
"4945:TCP"= 4945:TCP:*Disabled:Akamai NetSession Interface
"3657:TCP"= 3657:TCP:*Disabled:Akamai NetSession Interface
"3696:TCP"= 3696:TCP:*Disabled:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:*Disabled:Akamai NetSession Interface
"3451:TCP"= 3451:TCP:*Disabled:Akamai NetSession Interface
"2332:TCP"= 2332:TCP:*Disabled:Akamai NetSession Interface
"4668:TCP"= 4668:TCP:*Disabled:Akamai NetSession Interface
"4716:TCP"= 4716:TCP:*Disabled:Akamai NetSession Interface
"1208:TCP"= 1208:TCP:*Disabled:Akamai NetSession Interface
"2531:TCP"= 2531:TCP:*Disabled:Akamai NetSession Interface
"2593:TCP"= 2593:TCP:*Disabled:Akamai NetSession Interface
"4549:TCP"= 4549:TCP:*Disabled:Akamai NetSession Interface
"4036:TCP"= 4036:TCP:*Disabled:Akamai NetSession Interface
"4512:TCP"= 4512:TCP:*Disabled:Akamai NetSession Interface
"3993:TCP"= 3993:TCP:*Disabled:Akamai NetSession Interface
"4012:TCP"= 4012:TCP:*Disabled:Akamai NetSession Interface
"4125:TCP"= 4125:TCP:*Disabled:Akamai NetSession Interface
"2441:TCP"= 2441:TCP:*Disabled:Akamai NetSession Interface
"1180:TCP"= 1180:TCP:*Disabled:Akamai NetSession Interface
"3717:TCP"= 3717:TCP:*Disabled:Akamai NetSession Interface
"1721:TCP"= 1721:TCP:*Disabled:Akamai NetSession Interface
"3260:TCP"= 3260:TCP:*Disabled:Akamai NetSession Interface
"4435:TCP"= 4435:TCP:*Disabled:Akamai NetSession Interface
"4759:TCP"= 4759:TCP:*Disabled:Akamai NetSession Interface
"1252:TCP"= 1252:TCP:*Disabled:Akamai NetSession Interface
"2274:TCP"= 2274:TCP:*Disabled:Akamai NetSession Interface
"3636:TCP"= 3636:TCP:*Disabled:Akamai NetSession Interface
"2616:TCP"= 2616:TCP:*Disabled:Akamai NetSession Interface
"2829:TCP"= 2829:TCP:*Disabled:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:*Disabled:Akamai NetSession Interface
"3553:TCP"= 3553:TCP:*Disabled:Akamai NetSession Interface
"3801:TCP"= 3801:TCP:*Disabled:Akamai NetSession Interface
"4767:TCP"= 4767:TCP:*Disabled:Akamai NetSession Interface
"4782:TCP"= 4782:TCP:*Disabled:Akamai NetSession Interface
"4821:TCP"= 4821:TCP:*Disabled:Akamai NetSession Interface
"1348:TCP"= 1348:TCP:*Disabled:Akamai NetSession Interface
"3309:TCP"= 3309:TCP:*Disabled:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:*Disabled:Akamai NetSession Interface
"3648:TCP"= 3648:TCP:*Disabled:Akamai NetSession Interface
"4634:TCP"= 4634:TCP:*Disabled:Akamai NetSession Interface

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2/15/2009 12:51 AM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2/15/2009 12:51 AM 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2/15/2009 12:51 AM 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2/15/2009 12:51 AM 297792]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [6/2/2008 12:02 PM 47488]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [8/31/2007 9:00 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [8/31/2007 9:15 PM 475264]
S4 Nuliecnt;Nuliecnt; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-10-14 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?q=&ctid=CT1641676&SearchSource=2
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4wuvfee.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 17:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-10-16 17:57
ComboFix-quarantined-files.txt 2009-10-16 22:56
ComboFix2.txt 2009-10-15 23:34
ComboFix3.txt 2009-10-15 02:52
ComboFix4.txt 2009-10-13 05:02
ComboFix5.txt 2009-10-16 22:33

Pre-Run: 42,879,279,104 bytes free
Post-Run: 42,932,015,104 bytes free

522 --- E O F --- 2009-10-16 22:21
muppy03's Avatar
Senior Member with 1,310 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
16-Oct-2009, 11:12 PM #30
Quote:
I've been getting a lot of pop ups lately and also my internet has dramatically been slower. I am running Windows XP SP 2 and if you need anymore information I'll be glad to provide that to you.
How is the computer running now?

Quote:
also, what do you think of bitdefender? it seems like it's the top software for virus protection, but i've never heard of it
I have not used it, but remember Antivirus alone will not stop all. Surfing habits are also of great importance.

You use Ares (P2P). The use of these programs is one of the biggest sources of infection; a lot of forums will not even help someone until all are removed.

It looks like you have installed Bitdefender. Take note that having more than one Antivirus program on your computer can cause conflicts. If you are going to run Bitdefender, I would suggest uninstalling Norton. Let me know what you are going to do.
Quote:
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.
You still also have remnants of AVG8 on your system. I would recommend running the AVG Removal Tool.

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 16
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Code:
    Java(TM) 6 Update 7
    
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    (If you use Firefox or the Opera browser, to keep saved passwords, click No at the prompt.)
  • Click Exit on the Main menu to close the program.

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky report
  • New HJT log
__________________
Graduate of Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List