28-Jul-2010, 02:56 PM
#1
A couple of problems with my desktop PC

My desktop computer is currently suffering a number of things. First, it has the Windows svchost bug which causes the CPU to spike up to 100% in a short amount of time. I did some searching and came across a solution which involves me downloading windowsupdateagent30-x86.exe.

Then, I found another problem while trying to do this. It seems that my computer has a bug which is not detected (by Housecall or AVG), and it does not let me access Microsoft's updates web page and for some reason, won't let me post on this forum (I'm posting from my laptop). Any time I try opening those pages, it says there was a problem loading the page.

So, I ran HijackThis and was wondering if anyone could spot any problems. Also, if anyone has a better solution to the svchost bug I'd appreciate it. Thanks!

PS - This problem just popped up a few minutes ago while doing some searching on my desktop. Whenever I use the Search bar on the top right-hand corner of Firefox's window, it redirects me to some ad pages.
Anyway, here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:42 PM, on 7/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.intel.com/support/chi.../CS-020683.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [TSC] "C:\DOCUME~1\admin\LOCALS~1\Temp\HouseCall\tsc.exe" /HD
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.simnetenterprise.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7817 bytes
29-Jul-2010, 07:27 AM
#3
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.

Download ComboFix from Here or Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**

--------------------------------------------------------------------

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
2. Close any open browsers and any other programs you might have running.

Double click on combofix.exe & follow the prompts.

If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this.

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem.

If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
29-Jul-2010, 10:23 PM
#5
| just finished running combofix and this is what it gave me: ComboFix 10-07-29.01 - admin 07/29/2010 21:06:47.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.607 [GMT -4:00] Running from: c:\temp\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\admin\Local Settings\Application Data\{EFB55EC9-F107-45EB-AD99-680D2407BE6A} c:\documents and settings\admin\Local Settings\Application Data\{EFB55EC9-F107-45EB-AD99-680D2407BE6A}\chrome\content\_cfg.js c:\documents and settings\admin\Local Settings\Application Data\{EFB55EC9-F107-45EB-AD99-680D2407BE6A}\chrome\content\overlay.xul c:\documents and settings\admin\Local Settings\Application Data\{EFB55EC9-F107-45EB-AD99-680D2407BE6A}\install.rdf c:\documents and settings\admin\Recent\Copy of Mestizos Coreo Mix.veg.zip c:\documents and settings\Audacity\audacity.exe c:\program files\Mozilla Firefox\searchplugins\google_search.xml c:\windows\$NtUninstallMTF1011$ c:\windows\$NtUninstallMTF1011$\zrpt.xml c:\windows\system32\dxsetup.exe c:\windows\system32\file.exe c:\windows\system32\ReadMe.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Service_6to4 ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 ))))))))))))))))))))))))))))))) . 2010-07-30 01:00 . 2010-07-30 01:00 3746882 ----a-r- c:\temp\ComboFix.exe 2010-07-29 23:05 . 2010-07-29 23:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-07-29 05:18 . 2010-07-29 05:18 -------- d-----w- c:\windows\system32\XPSViewer 2010-07-29 05:17 . 2010-07-29 05:17 -------- d-----w- c:\program files\Reference Assemblies 2010-07-29 05:17 . 
2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-07-29 05:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-07-29 05:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-07-29 05:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-07-29 05:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-07-29 05:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-07-29 05:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-07-29 05:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-07-29 05:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-07-29 04:14 . 2010-07-29 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-29 04:14 . 2010-07-29 04:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-29 04:12 . 2010-07-29 04:13 16409960 ----a-w- c:\temp\spybotsd162.exe 2010-07-28 17:14 . 2010-07-28 17:14 388096 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-28 17:14 . 2010-07-28 17:14 -------- d-----w- c:\program files\Trend Micro 2010-07-28 16:38 . 2010-07-28 16:38 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe 2010-07-28 03:11 . 2010-07-28 03:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-07-27 23:10 . 2010-07-27 23:10 -------- d-----w- c:\windows\ie8updates 2010-07-27 23:10 . 2010-07-27 23:10 -------- d-----w- c:\program files\MSXML 4.0 2010-07-26 23:19 . 2010-07-26 23:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-07-26 22:06 . 
2010-07-26 22:06 1835704 ----a-w- c:\temp\MSDownloaderV88(2).exe 2010-07-26 22:04 . 2010-07-26 23:41 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll 2010-07-26 22:04 . 2010-07-26 23:41 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll 2010-07-26 22:04 . 2010-07-26 23:41 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll 2010-07-26 22:04 . 2010-07-26 23:41 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll 2010-07-26 22:04 . 2010-07-26 23:41 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll 2010-07-26 22:04 . 2010-07-26 23:41 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe 2010-07-26 22:04 . 2010-07-26 22:04 3355328 ----a-w- c:\temp\NexonGameManager(2).exe 2010-07-26 21:45 . 2010-07-26 21:45 1870800 ----a-w- c:\temp\HousecallLauncher.exe 2010-07-26 21:45 . 2010-07-26 21:45 2203584 ----a-w- c:\temp\HousecallLauncher64.exe 2010-07-26 21:39 . 2010-07-26 21:39 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-26 21:33 . 2010-07-26 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-07-26 21:33 . 2010-07-26 21:33 -------- d-----w- c:\documents and settings\Administrator\IETldCache 2010-07-26 21:32 . 2010-07-26 21:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft 2010-07-26 21:32 . 2010-07-26 21:37 -------- d-s---w- c:\documents and settings\Administrator 2010-07-26 19:17 . 2010-07-26 19:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-07-26 19:16 . 2010-07-26 19:16 120 ----a-w- c:\windows\Jfizagedeyoxi.dat 2010-07-26 19:16 . 2010-07-26 19:16 0 ----a-w- c:\windows\Qkafejejifigoci.bin 2010-07-23 22:33 . 
2010-07-23 22:33 1835704 ----a-w- c:\temp\MSDownloaderV88.exe 2010-07-23 22:32 . 2010-07-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS 2010-07-23 22:31 . 2010-07-23 22:31 3355328 ----a-w- c:\temp\NexonGameManager.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-29 23:47 . 2009-03-25 21:03 69688 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-29 05:18 . 2009-04-02 21:52 -------- d-----w- c:\program files\MSBuild 2010-07-29 05:09 . 2009-03-31 21:23 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent 2010-07-26 22:07 . 2009-06-14 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2010-07-12 00:46 . 2009-04-02 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-23 17:04 . 2009-03-31 21:23 322352 ----a-w- c:\program files\utorrent.exe 2010-06-22 02:06 . 2009-05-28 03:15 2 -c--a-w- c:\windows\Error6.dat 2010-06-22 02:06 . 2009-05-28 03:15 15300 -c--a-w- c:\windows\White6.dat 2010-06-22 02:06 . 2009-05-28 03:15 15300 -c--a-w- c:\windows\Dark6.dat 2010-06-22 02:06 . 2009-05-28 03:15 6 -c--a-w- c:\windows\Expo6.dat 2010-06-22 02:06 . 2009-05-28 03:14 1 -c--a-w- c:\windows\Offset6.dat 2010-06-17 01:58 . 2009-04-05 18:06 -------- d-----w- c:\documents and settings\admin\Application Data\FrostWire 2010-05-22 07:01 . 2010-05-22 07:01 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-67f4a1da-n\msvcp71.dll 2010-05-22 07:01 . 2010-05-22 07:01 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-67f4a1da-n\jmc.dll 2010-05-22 07:01 . 2010-05-22 07:01 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-67f4a1da-n\msvcr71.dll 2010-05-16 22:05 . 
2010-05-16 22:05 7323 ----a-w- c:\documents and settings\Audacity\unins000.dat 2010-05-16 22:04 . 2010-05-16 22:05 674074 ----a-w- c:\documents and settings\Audacity\unins000.exe 2010-05-10 01:25 . 2010-05-10 01:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrows errecordext.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-05-10 01:25 . 2010-05-10 01:25 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordh elper.dll 2010-05-10 01:25 . 2010-05-10 01:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.d ll 2010-05-10 01:25 . 2010-05-10 01:25 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim. dll 2010-05-10 01:25 . 2010-05-10 01:25 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-05-10 01:24 . 2009-03-30 23:05 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-05-10 01:24 . 2009-03-30 23:05 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-03-26 19:02 . 
2010-03-26 19:02 6948739 ----a-w- c:\program files\VDownloaderSetup2.6.exe 2008-11-11 03:23 . 2008-11-11 03:23 129 ----a-w- c:\program files\Free-Codecs.txt . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" [X] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "nwiz"="nwiz.exe" [2007-06-28 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "EPSON Stylus C88 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-10 202256] c:\documents and settings\admin\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-15 22:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSv c] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "uTorrent"="c:\program files\utorrent.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\utorrent.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List] "58272:TCP"= 58272:TCP:Pando Media Booster "58272:UDP"= 58272:UDP:Pando Media Booster "56743:TCP"= 56743:TCP:Pando Media Booster "56743:UDP"= 56743:UDP:Pando Media Booster R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [5/27/2009 11:06 PM 3616] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/25/2009 5:56 PM 335240] R1 AvgTdiX;AVG Free8 Network 
Redirector;c:\windows\system32\drivers\avgtdix.sys [3/25/2009 5:56 PM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/25/2009 5:56 PM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/25/2009 5:56 PM 297752] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/30/2009 5:40 PM 1684736] . Contents of the 'Scheduled Tasks' folder 2010-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1647877149-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] 2010-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1647877149-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://support.intel.com/support/chipsets/sb/CS-020683.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: simnetenterprise.com DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\jeaoeson.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s= FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrows errecordext.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\All Users\Application 
Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim. dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-iDump - c:\program files\iDump\uninst.exe AddRemove-Veetle TV - c:\program files\Veetle\UninstallVeetleTV.exe AddRemove-{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1 - c:\program files\3GP Player 2009\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-29 21:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-507921405-1647877149-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f6,83,7f,4e,36,2a,31,ea,17,2a,ac,90,1e,50,92,8f,9b,56,c4,d2,fb,9e, 6e, 1a,ae,e8,e5,75,44,f3,08,d0,ec,fe,3c,a8,5e,bb,7f,71,be,7e,b0,52,f0,d8,06,e8, \ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3444) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\ZuneBusEnum.exe c:\windows\RTHDCPL.EXE c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\RUNDLL32.EXE c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-07-29 21:17:33 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-30 01:17 Pre-Run: 9,388,969,984 bytes free Post-Run: 9,496,846,336 bytes free - - End Of File - - 817EB3FE9F31401299E7BEBD7BF9A4E0 |
30-Jul-2010, 06:23 AM
#6 |
| ComboFix has deleted some files, and I don't know why, as they aren't normally targeted by it. I want to get some copies to examine them before we go any further.

Can you please go to C:\qoobox, right-click the quarantine folder and select send to compressed (zip) folders. That will make a zipped copy of the quarantine folder. Then please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press new topic, fill in the needed details and give a link to your post here, then press the browse button and navigate to and select the files on your computer. When the file is listed in the window, press send to upload the file.
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
|
31-Jul-2010, 04:16 PM
#10 |
| Was there anything odd about the quarantine folder? I noticed the Google search was removed from Firefox completely. However, it's actually running smoothly now and I want to thank you for going through the trouble of helping me out. |
31-Jul-2010, 05:46 PM
#11 |
| It wasn't a genuine Google search add-in but a search hijacker masquerading as Google search.

2 of the removed files were legitimate but in an unusual place, where malware often imitates them. They are clean, so we will restore them when we have finished cleaning up.

This should clear up the rest:

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window and press save).

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.

Close any open browsers.

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
__________________ Derek |
|
01-Aug-2010, 01:21 AM
#12 |
| Ok this is what it gave me: ComboFix 10-07-31.02 - admin 08/01/2010 0:14.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.611 [GMT -4:00] Running from: c:\temp\ComboFix.exe Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point FILE :: "c:\windows\Jfizagedeyoxi.dat" "c:\windows\Qkafejejifigoci.bin" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Jfizagedeyoxi.dat c:\windows\Qkafejejifigoci.bin . ((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 ))))))))))))))))))))))))))))))) . 2010-07-30 03:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-30 03:08 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-07-30 01:15 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-07-30 01:15 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-07-30 01:15 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-07-30 01:15 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-07-30 01:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-07-30 01:15 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2010-07-30 01:15 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-07-30 01:00 . 2010-08-01 04:12 3748440 ----a-r- c:\temp\ComboFix.exe 2010-07-29 23:05 . 2010-07-29 23:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-07-29 05:18 . 2010-07-29 05:18 -------- d-----w- c:\windows\system32\XPSViewer 2010-07-29 05:17 . 2010-07-29 05:17 -------- d-----w- c:\program files\Reference Assemblies 2010-07-29 05:17 . 
2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-07-29 05:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-07-29 05:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-07-29 05:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-07-29 05:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-07-29 05:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-07-29 05:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-07-29 05:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-07-29 05:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-07-29 04:14 . 2010-07-29 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-29 04:14 . 2010-07-29 04:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-29 04:12 . 2010-07-29 04:13 16409960 ----a-w- c:\temp\spybotsd162.exe 2010-07-28 17:14 . 2010-07-28 17:14 388096 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-28 17:14 . 2010-07-28 17:14 -------- d-----w- c:\program files\Trend Micro 2010-07-28 16:38 . 2010-07-28 16:38 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe 2010-07-28 03:11 . 2010-07-28 03:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-07-27 23:10 . 2010-07-27 23:10 -------- d-----w- c:\windows\ie8updates 2010-07-27 23:10 . 2010-07-27 23:10 -------- d-----w- c:\program files\MSXML 4.0 2010-07-26 23:19 . 2010-07-26 23:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-07-26 22:06 . 
2010-07-26 22:06 1835704 ----a-w- c:\temp\MSDownloaderV88(2).exe 2010-07-26 22:04 . 2010-07-30 01:28 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll 2010-07-26 22:04 . 2010-07-26 23:41 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll 2010-07-26 22:04 . 2010-07-26 23:41 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll 2010-07-26 22:04 . 2010-07-26 23:41 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll 2010-07-26 22:04 . 2010-07-26 23:41 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll 2010-07-26 22:04 . 2010-07-26 23:41 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe 2010-07-26 22:04 . 2010-07-26 22:04 3355328 ----a-w- c:\temp\NexonGameManager(2).exe 2010-07-26 21:45 . 2010-07-26 21:45 1870800 ----a-w- c:\temp\HousecallLauncher.exe 2010-07-26 21:45 . 2010-07-26 21:45 2203584 ----a-w- c:\temp\HousecallLauncher64.exe 2010-07-26 21:39 . 2010-07-26 21:39 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-26 21:33 . 2010-07-26 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-07-26 21:33 . 2010-07-26 21:33 -------- d-----w- c:\documents and settings\Administrator\IETldCache 2010-07-26 21:32 . 2010-07-26 21:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft 2010-07-26 21:32 . 2010-07-26 21:37 -------- d-s---w- c:\documents and settings\Administrator 2010-07-26 19:17 . 2010-07-26 19:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-07-23 22:33 . 2010-07-23 22:33 1835704 ----a-w- c:\temp\MSDownloaderV88.exe 2010-07-23 22:32 . 2010-07-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS 2010-07-23 22:31 . 
2010-07-23 22:31 3355328 ----a-w- c:\temp\NexonGameManager.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-29 23:47 . 2009-03-25 21:03 69688 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-29 05:18 . 2009-04-02 21:52 -------- d-----w- c:\program files\MSBuild 2010-07-29 05:09 . 2009-03-31 21:23 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent 2010-07-26 22:07 . 2009-06-14 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2010-07-12 00:46 . 2009-04-02 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-23 17:04 . 2009-03-31 21:23 322352 ----a-w- c:\program files\utorrent.exe 2010-06-22 02:06 . 2009-05-28 03:15 2 -c--a-w- c:\windows\Error6.dat 2010-06-22 02:06 . 2009-05-28 03:15 15300 -c--a-w- c:\windows\White6.dat 2010-06-22 02:06 . 2009-05-28 03:15 15300 -c--a-w- c:\windows\Dark6.dat 2010-06-22 02:06 . 2009-05-28 03:15 6 -c--a-w- c:\windows\Expo6.dat 2010-06-22 02:06 . 2009-05-28 03:14 1 -c--a-w- c:\windows\Offset6.dat 2010-06-17 01:58 . 2009-04-05 18:06 -------- d-----w- c:\documents and settings\admin\Application Data\FrostWire 2010-06-14 14:31 . 2009-03-25 20:58 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe 2010-05-22 07:01 . 2010-05-22 07:01 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-67f4a1da-n\msvcp71.dll 2010-05-22 07:01 . 2010-05-22 07:01 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-67f4a1da-n\jmc.dll 2010-05-22 07:01 . 2010-05-22 07:01 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-67f4a1da-n\msvcr71.dll 2010-05-16 22:05 . 2010-05-16 22:05 7323 ----a-w- c:\documents and settings\Audacity\unins000.dat 2010-05-16 22:04 . 
2010-05-16 22:05 674074 ----a-w- c:\documents and settings\Audacity\unins000.exe 2010-05-10 01:25 . 2010-05-10 01:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrows errecordext.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-05-10 01:25 . 2010-05-10 01:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-05-10 01:25 . 2010-05-10 01:25 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordh elper.dll 2010-05-10 01:25 . 2010-05-10 01:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.d ll 2010-05-10 01:25 . 2010-05-10 01:25 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim. dll 2010-05-10 01:25 . 2010-05-10 01:25 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-05-10 01:24 . 2009-03-30 23:05 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-05-10 01:24 . 2009-03-30 23:05 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-05-06 10:41 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-03-26 19:02 . 
2010-03-26 19:02 6948739 ----a-w- c:\program files\VDownloaderSetup2.6.exe 2008-11-11 03:23 . 2008-11-11 03:23 129 ----a-w- c:\program files\Free-Codecs.txt . ((((((((((((((((((((((((((((( SnapShot@2010-07-30_01.13.35 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-31 19:01 . 2010-07-31 19:01 16384 c:\windows\Temp\Perflib_Perfdata_56c.dat - 2009-03-25 20:57 . 2008-04-14 10:42 90112 c:\windows\system32\wshext.dll + 2009-03-25 20:57 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll - 2009-12-20 18:02 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe + 2009-12-20 18:02 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe - 2009-03-25 20:59 . 2008-04-14 10:42 75776 c:\windows\system32\strmfilt.dll + 2009-03-25 20:59 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll - 2002-08-29 12:00 . 2008-04-14 10:42 79872 c:\windows\system32\raschap.dll + 2002-08-29 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll + 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll + 2002-08-29 12:00 . 2010-07-30 23:30 67516 c:\windows\system32\perfc009.dat - 2002-08-29 12:00 . 2010-07-29 05:22 67516 c:\windows\system32\perfc009.dat + 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll + 2009-11-07 05:07 . 2009-11-07 05:07 11600 c:\windows\system32\mui\0409\mscorees.dll + 2002-08-29 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll + 2009-03-25 20:58 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll - 2009-03-25 20:58 . 2008-04-14 10:42 11264 c:\windows\system32\msrle32.dll - 2009-03-08 08:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll + 2009-03-08 08:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll + 2002-08-29 12:00 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll + 2002-08-29 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll + 2009-03-25 20:58 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll - 2009-03-25 20:58 . 
2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll + 2009-03-25 20:58 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll + 2009-03-25 20:59 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll + 2002-08-29 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll + 2010-04-27 03:15 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll - 2010-04-27 03:15 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll + 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll + 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll + 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll + 2002-08-29 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll + 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll + 2010-04-27 03:15 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2010-04-27 03:15 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2008-06-24 16:43 . 2008-06-24 16:43 74240 c:\windows\system32\dllcache\mscms.dll + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll - 2009-03-08 08:33 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-03-08 08:33 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll + 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll + 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll + 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll + 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll + 2002-08-29 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll - 2009-03-25 20:58 . 2008-04-14 10:41 84992 c:\windows\system32\avifil32.dll + 2009-03-25 20:58 . 
2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll + 2009-03-25 20:58 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll + 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll - 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll + 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll + 2009-11-07 05:07 . 
2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2010-07-30 05:58 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll + 2010-07-30 05:58 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll + 2010-07-30 05:58 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll + 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll + 2010-07-30 23:32 . 2010-07-30 23:32 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fb de0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll + 2010-07-31 19:45 . 2010-07-31 19:45 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ec adf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll + 2010-07-31 19:45 . 2010-07-31 19:45 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bb dc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll + 2010-07-30 23:29 . 2010-07-30 23:29 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\1872951 4178d458aa1225dd068718d4e\PresentationFontCache.ni.exe + 2010-07-30 06:08 . 2010-07-30 06:08 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa 28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll + 2010-07-31 03:13 . 2010-07-31 03:13 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1 a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll + 2010-07-31 03:13 . 2010-07-31 03:13 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d5047 24d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll + 2010-07-31 03:13 . 2010-07-31 03:13 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d53391 9f57131190\dfsvc.ni.exe + 2010-07-31 03:13 . 
2010-07-31 03:13 56320 c:\windows\assembly\NativeImages_v2.0.50727_32\DecklinkVideoProper#\7d56bca bc86ddcac369815c80e41a143\DecklinkVideoProperties.ni.dll + 2010-07-31 03:13 . 2010-07-31 03:13 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\33d073604 c8f4cf9f9cff9b2003c8a22\AjaVideoProperties.ni.dll + 2010-07-31 03:13 . 2010-07-31 03:13 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664 cfdfbd4ad75e03c14d\Accessibility.ni.dll + 2010-07-30 06:07 . 2010-07-30 06:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7 f11d50a3a\System.Web.RegularExpressions.dll - 2010-07-29 05:22 . 2010-07-29 05:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7 f11d50a3a\System.Web.RegularExpressions.dll - 2010-07-29 05:17 . 2010-07-29 05:17 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c 561934e089\System.ServiceModel.WasHosting.dll + 2010-07-30 05:56 . 2010-07-30 05:56 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c 561934e089\System.ServiceModel.WasHosting.dll + 2010-07-30 06:07 . 2010-07-30 06:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3 a\System.Drawing.Design.dll - 2010-07-29 05:22 . 2010-07-29 05:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3 a\System.Drawing.Design.dll + 2010-07-30 06:07 . 2010-07-30 06:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f 11d50a3a\System.Configuration.Install.dll - 2010-07-29 05:22 . 2010-07-29 05:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f 11d50a3a\System.Configuration.Install.dll + 2010-07-30 06:07 . 2010-07-30 06:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Micros oft.Vsa.dll - 2010-07-29 05:22 . 
2010-07-29 05:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Micros oft.Vsa.dll + 2010-07-30 06:07 . 2010-07-30 06:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03 f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2010-07-29 05:22 . 2010-07-29 05:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03 f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-07-30 06:07 . 2010-07-30 06:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualBasic.Vsa.dll - 2010-07-29 05:22 . 2010-07-29 05:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualBasic.Vsa.dll - 2010-07-29 05:22 . 2010-07-29 05:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Utilities.dll + 2010-07-30 06:07 . 2010-07-30 06:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Utilities.dll - 2010-07-29 05:22 . 2010-07-29 05:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Framework.dll + 2010-07-30 06:07 . 2010-07-30 06:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Framework.dll - 2010-07-29 05:22 . 2010-07-29 05:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-07-30 06:07 . 2010-07-30 06:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2010-07-29 05:22 . 2010-07-29 05:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd. dll + 2010-07-30 06:07 . 2010-07-30 06:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd. dll + 2010-07-30 06:07 . 
2010-07-30 06:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll - 2010-07-29 05:22 . 2010-07-29 05:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll - 2010-07-29 05:22 . 2010-07-29 05:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrappe r.dll + 2010-07-30 06:07 . 2010-07-30 06:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrappe r.dll - 2010-07-29 05:22 . 2010-07-29 05:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\Custo mMarshalers.dll + 2010-07-30 06:07 . 2010-07-30 06:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\Custo mMarshalers.dll + 2010-07-30 05:57 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll + 2010-07-30 05:57 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978706\spmsg.dll + 2010-07-30 06:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll + 2010-07-30 06:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll + 2010-07-30 06:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll + 2010-07-30 06:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978037\spmsg.dll + 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll + 2010-07-30 05:57 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll + 2010-07-30 05:57 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977914\spmsg.dll + 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll + 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll + 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll + 2009-11-27 16:28 . 2009-11-27 16:28 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll + 2010-07-30 05:58 . 
2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll + 2010-07-30 05:58 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll + 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll + 2010-07-30 06:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll + 2010-07-30 06:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll + 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll + 2010-07-30 05:57 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll + 2010-07-30 05:57 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll + 2010-07-30 06:05 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB961503\update\spcustom.dll + 2010-07-30 06:05 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB961503\spmsg.dll + 2010-07-30 05:57 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll + 2010-07-30 05:57 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll + 2010-07-30 06:05 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB951978\update\spcustom.dll + 2010-07-30 06:05 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB951978\spmsg.dll + 2008-05-09 10:45 . 2008-05-09 10:45 90112 c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll + 2010-07-30 06:05 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB950974\update\spcustom.dll + 2010-07-30 06:05 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB950974\spmsg.dll - 2010-07-29 05:22 . 2010-07-29 05:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2010-07-30 06:07 . 2010-07-30 06:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll + 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll + 2009-11-27 16:07 . 
2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll + 2010-07-30 06:07 . 2010-07-30 06:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Micr osoft_VsaVb.dll - 2010-07-29 05:22 . 2010-07-29 05:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Micr osoft_VsaVb.dll - 2010-07-29 05:22 . 2010-07-29 05:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualC.Dll + 2010-07-30 06:07 . 2010-07-30 06:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualC.Dll + 2010-07-30 06:07 . 2010-07-30 06:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2010-07-29 05:22 . 2010-07-29 05:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2010-07-29 05:22 . 2010-07-29 05:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecR emote.dll + 2010-07-30 06:07 . 2010-07-30 06:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecR emote.dll + 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll - 2010-07-29 05:22 . 2010-07-29 05:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2010-07-30 06:07 . 2010-07-30 06:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2010-07-30 06:07 . 2010-07-30 06:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll - 2010-07-29 05:22 . 2010-07-29 05:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2002-08-29 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe - 2002-08-29 12:00 . 
2010-07-30 23:31 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-07-30 23:30 . 2010-07-30 23:30 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-07-30 23:29 . 2010-07-30 23:29 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
+ 2010-07-30 06:08 . 2010-07-30 06:08 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" [X]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"EPSON Stylus C88 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-10 202256]

c:\documents and settings\admin\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 22:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\utorrent.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58272:TCP"= 58272:TCP:Pando Media Booster
"58272:UDP"= 58272:UDP:Pando Media Booster
"56743:TCP"= 56743:TCP:Pando Media Booster
"56743:UDP"= 56743:UDP:Pando Media Booster

R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [5/27/2009 11:06 PM 3616]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/25/2009 5:56 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/25/2009 5:56 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/25/2009 5:56 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/25/2009 5:56 PM 297752]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/30/2009 5:40 PM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2010-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1647877149-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1647877149-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://support.intel.com/support/chipsets/sb/CS-020683.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: simnetenterprise.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\jeaoeson.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 00:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1647877149-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f6,83,7f,4e,36,2a,31,ea,17,2a,ac,90,1e,50,92,8f,9b,56,c4,d2,fb,9e, 6e, 1a,ae,e8,e5,75,44,f3,08,d0,ec,fe,3c,a8,5e,bb,7f,71,be,7e,b0,52,f0,d8,06,e8, \
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
Completion time: 2010-08-01 00:19:47
ComboFix-quarantined-files.txt 2010-08-01 04:19
ComboFix2.txt 2010-07-30 01:17

Pre-Run: 8,357,990,400 bytes free
Post-Run: 8,431,423,488 bytes free

- - End Of File - - 58D6F16EBF53551C88C03B71246702A9

01-Aug-2010, 12:15 PM
#15 |
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*

* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there.

Now empty the Recycle Bin on the desktop.

Then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/software_inspector/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.

__________________
Derek
Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction
Hedgehog Rescue
